Websites are hacked by autonomous machines these da… not by humans hacking individual sites. These machines search the internet for vulnerable websites day and night. I get calls every week from people whose websites got hacked and I have some very specific things for you to do if you own a WordPress website.
1. Backup your website daily. Don’t assume your web hosting does this for you (many do not or if they do they charge you to access it and it only goes back 30 days).
2. Update your WordPress themes, plugins, and core software once a week. This is the #1 reason for hacked WordPress websites and it’s simple to do. You just need to have diligence when doing it.
3. Never use admin as a username. That is what WordPress comes with out of the box and it should be changed immediately. Create a new administrative level user and delete admin.
4. Use a super secure password and store it in a program like Lastpass.com so that you don’t have to remember it. A password should be so secure that it’s impossible to memorize. Think lots of special characters and uppercase/lowercase combos.
5. Don’t use the default wp-admin URL for your dashboard. Use WPS-Hide Login plugin to do just that!
6. Install Wordfence there are way too many options to talk about here it audits your website security, lets you do virus checks, and even lets you block whole countries from viewing your website.
7. Don’t give out your login info. Instead, create a separate administrative login for trusted developers to use. That way you can turn it off.
All these tips are essential for security and should take a professional about less than 2 hours for initial setup and then maybe 20 minutes a week of ongoing effort. If you don’t know about #1 or #2 above please contact me (or your web developer) immediately and ask them about WordPress updates and backups. Your website could be lost without it. Thanks!