I received an inquiry today and the client is upset. His WordPress site was hacked.

Here is little suggestion from me. Keeping all WordPress themes and plugins updated is very essential. Limit admin logins, Remove unused plugins, Renaming WordPress version is also a good suggestion.

This article is going to focus more directly on the ways you can secure your WordPress website.

Keep WordPress up-to-date:

Whenever you login to the dashboard and see that “Update available” banner, click it and update your site. If you’re worried about something breaking, make a backup before installing it.

Keep plugins and themes up-to-date:

As like WordPress Core, you should also update plugins and themes. Each plugin and theme installed on your site is like a backdoor into your site’s admin.

Remove unused plugins:

Remove of any plugins or themes you don’t need will reduce the chance of being hacked. If you’re not using them, you’re not going to want to update them, so it’s a much better idea to delete them.

Make strong username and password:

If you are using username “admin” and password “admin” then highest chance of being hacked. You can change it by inputting an SQL query in PHPMyAdmin

Pick the Best Hosting You Can Afford:

You can trick out your site all you want with all the latest security hacks but if you don’t have a good hosting provider, your efforts aren’t going to matter all that much. In fact, security experts WP White Security reported that 41% of WordPress sites were hacked due to a security weakness on the host itself which means you need to do something about your hosting plan ASAP. Few really good managed WordPress hosts that have solid security track records include WP Engine, Bluehost, and Siteground.