Get an SSL certificate, which is especially important for sites that deal with payments and personal information. The certificate lets the site serve its pages over HTTPS, which encrypts information sent over the network so that hackers have a hard time decoding it. Besides that, it is an industry standard. Chrome alerts visitors when the site they are visiting doesn’t have an SSL certificate. In addition, Chrome is now deprecating legacy TLS versions and has started showing additional warnings. Enabling HTTPS (part of installing an SSL certificate) is also an official Google ranking factor.
Keep your login credentials secure. Several attacks are caused by hackers trying to gain access to a website by brute force. It helps to have a separate/hidden login page (use the WP Hide Login plugin) and to limit the number of login attempts. Use the Login LockDown plugin, which records the IP address and timestamp of every failed login attempt and locks down the login function if a set number of failed attempts from the same IP range is reached within a short period of time. Also, create a secure password that’s more than 6 characters and is a mix of both upper and lowercase letters, numbers, and special characters. Change your password often. You can also use two-factor authentication for logging in if you’re looking for extra security.
Keep the WordPress core, plugins and themes updated. Only download plugins or themes from a reputable source. A good sign is if the plugin/theme has multiple installations and has recently been updated. You should also read reviews to decide for yourself if the plugin is trustworthy (make sure to check those listed here). On that note, install a WordPress security plugin, as 73.2% of the most popular WordPress installations that are vulnerable can be detected using free automated tools. Here’s a more in-depth list of the best security plugins.
Use a secure web host. For those not in the know, it may not seem like your web host has anything to do with site security, but 41% of attacks occur through a security vulnerability on the hosting platform. Look for a hosting provider that includes features such as: server-side firewall and encryption, NGINX or Apache web servers, antivirus and anti-malware software, on-site security systems, and the availability of SSL certificates and a CDN.
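The login lockout behaviour described in the credentials tip above (record the IP and timestamp of each failed login, lock the range once too many failures arrive in a short window) can be sketched as follows. This is an added example, not the Login LockDown plugin's code; the threshold, window, lockout length and the /24 and /64 range widths are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for this sketch, not the plugin's defaults.
MAX_FAILURES, WINDOW, LOCKOUT = 3, timedelta(minutes=5), timedelta(minutes=60)
PREFIX_V4, PREFIX_V6 = 24, 64  # assumed width of an "IP range"

# Constructed failed-login events (timestamp, source IP), documentation addresses only.
SAMPLE = [
    ("2024-01-01T10:00:00", "203.0.113.7"), ("2024-01-01T10:01:00", "203.0.113.42"),
    ("2024-01-01T10:02:00", "203.0.113.200"),  # third failure from one /24 within 5 min
    ("2024-01-01T10:00:00", "198.51.100.5"), ("2024-01-01T10:10:00", "198.51.100.5"),
    ("2024-01-01T10:20:00", "198.51.100.5"),   # same count, but spread over 20 min
]

def ip_range(ip):
    """Map an address to the network its failures are counted under."""
    addr = ipaddress.ip_address(ip)
    prefix = PREFIX_V4 if addr.version == 4 else PREFIX_V6
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the lockout expires

    def is_locked(self, ip, now):
        expiry = self.locked_until.get(ip_range(ip))
        return expiry is not None and now < expiry

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is locked afterwards."""
        if self.is_locked(ip, now):
            return True
        net = ip_range(ip)
        recent = self.failures[net]
        recent.append(now)
        while recent and now - recent[0] > WINDOW:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[net] = now + LOCKOUT
            return True
        return False

def replay(events):  # replay (timestamp, ip) failures; return the ranges that got locked
    limiter = LoginLimiter()
    for ts, ip in events:
        limiter.record_failure(ip, datetime.fromisoformat(ts))
    return sorted(limiter.locked_until)
```

Counting per range rather than per address means one attacker rotating through neighbouring addresses still trips the limit, at the cost of locking out other users who share that range.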