WordPress has always been targeted by hackers because of its known vulnerabilities. These vulnerabilities does not limit only to Wordpress core files but, most of the times, are the outdated plugins and themes. Securing your WordPress website takes time and should be done in a recurring process. Here are the steps you should take to protect your Wordpress.
1. Remove vulnerable WordPress Plugins
Remove Wordpress Plugins that is currently vulnerable from your website. Visit WPScan Vulnerability Database (https://wpvulndb.com/plugins) for the list of vulnerable plugins and ensure you do have it installed.
2. Install Wordfence
This plugin, available for FREE in WordPress plugin store, is a highly recommended security plugin for your WordPress site to help you secure your website. It offers multiple features such as scanning integrity of your Wordpress core files, and as well as for malware vulnerable themes, plugins, etc. NOTE AND READ: Since this is a wordpress plugin, make sure you always update it.
3. Rename your wp-login.php
Another great plugin called Rename wp-login.php works to easily rename your wp-login.php which is highly targeted by spammers and hackers trying to get in to your Wordpress. This plugin will rename your wp-login.php so you only you will know where to access admin dashboard. However, if you are using the WP comment system, the point of hiding the login page will make no sense because your commenters will have to login in order to comment. Thankfully, Shrewdies wrote a detailed guide to help us fix that.
4. Scan your website
After all the hard-work, you want to make sure your webesite is really secured. Sucuri SiteCheck provides remote scanning and will report to you if your website is free from malware, and other security flaws.
5. Install Sucuri Security
And follow this in-depth guide for complete steps on how to maximize their free tier and secure your Wordpress.
6. Stay up to date
Know the latest plugin vulnerability. Subscribe to Sucuri's blog. Being the security firm that we trust, Sucuri's blog are the most up-to-date when it comes to reporting vulnerabilities simply because... it is their business.
Hopefully these articles will help your secure your Wordpress website. Stay secure so you can operate at peace.