1. Backup
This is the first and most important step. Before you make any changes, make sure you back up your entire database. You can do this manually or use an available plugin. I recommend BackupBuddy, which backs up your entire WordPress blog. Unlike free plugins, which only back up your database, BackupBuddy exports your entire database along with the images, files and whatever else you have in your blog’s content folder. Pretty sweet!
2. Update WordPress Version
The second crucial step after backing up your blog is to update it to the latest version. You should always make sure that your blog’s version is up to date. The WordPress team creates patches to help fix security holes. Follow the WordPress feed to find out about the latest updates, or simply log in to your admin.
It is also critical that all your themes and plugins are kept updated at all times. WordPress has recently implemented automated updates, but this only applies to the main WordPress install. Your themes and plugins are not automatically updated, so it's critical that you log in to WordPress and update them.
We suggest users install an automatic update plugin, e.g. https://wordpress.org/plugins/automatic-updater/, and configure it to update your plugins and themes.
3. Change your Login/Password
The default WordPress login is “admin” and most hackers know that. We should change this to something else that would be difficult to guess. Something like “rogers12” or “donhoe2” is a good example. The best thing to do is delete the default admin and create a new custom login.
I suggest that you use strong passwords which include upper- and lowercase letters, numbers and symbols. Something like “r0ckStAR19!@” or “Anab3l2@!” is a great example of a strong password.
Most hackers try to brute-force the password, so if your password is really strong, as I mentioned earlier, you should be fine.
4. Install a security plugin, e.g. iThemes Security Plugin
Once installed, follow all the suggested recommendations to secure your WordPress install.
5. Install WP Security Scan
This plugin is the real deal. It’s simple and automates stuff. It will scan your WordPress blog for vulnerabilities and inform you if it finds any malicious code etc. If the texts are green in the admin panel then you should be good. However, they will not just be green; sometimes you have to fix the problem and make them.
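Steps 1 to 3 above can also be run from the command line. The script below is an added example, not part of the original article: it assumes WP-CLI (the wp command, which the article does not mention) is installed and that it is run from the WordPress root directory; the function names and the default backup path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): steps 1-3 with WP-CLI.
# Assumes `wp` is installed and this runs from the WordPress root directory.
# Function names and the default backup path are hypothetical.

# Step 1: back up the database AND wp-content (a database dump alone misses uploads).
backup_site() {
    dir=$1
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$dir" || return 1
    (
        umask 077   # the dump contains password hashes: owner-readable only
        wp db export "$dir/db-$stamp.sql" >/dev/null &&
        tar -czf "$dir/wp-content-$stamp.tar.gz" wp-content
    ) || return 1
    printf '%s\n' "$dir/db-$stamp.sql"
}

# Step 2: a core update does not cover plugins and themes, so update all three.
update_all() {
    wp core update && wp core update-db &&
    wp plugin update --all && wp theme update --all
}

# Step 3: succeed only if a login is exactly "admin" (-x: whole-line match).
has_default_admin() {
    wp user list --field=user_login | grep -qx 'admin'
}

# Run the steps in order; never update without a good backup.
harden() {
    backup=$(backup_site "$1") || { echo "backup failed, nothing updated" >&2; return 1; }
    echo "backup: $backup"
    update_all || return 1
    if has_default_admin; then
        echo "user 'admin' exists: create a new administrator, then delete it" >&2
        return 2
    fi
}

# Keep the backup directory outside the web root so it cannot be downloaded.
if [ "${1:-}" = "--run" ]; then
    harden "${2:-$HOME/wp-backups}"
fi
```

Run it as `sh harden.sh --run /path/outside/webroot`; exit status 2 means the updates succeeded but the default admin login is still present.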