I work in Tech Support for a Web Hosting Company and we get a lot of customers calling us for support when their WordPress websites get hacked.

These are my top tips to protect your website.

1. Never use “admin” as your WordPress username. Everyone knows that “admin” is the default username, any hacker has 50% of the login details already.
2. Always use a strong password. Check this link for the most common passwords used.
3. Update! Update! Update! Ensure that you update the WordPress Files, Themes and Plug-ins to the latest versions. I cannot stress this enough.
4. Clean up the website. Remove old Plug-ins and Themes that you are no longer using.
5. Install a decent WordPress security plugin that prevents brute force attacks.
6. Remove the readme.html file. It just lets a hacker know what version of WordPress you are using.
7. Take regular backups of both the website and the database. Don’t wait until it’s too late.
8. Routinely scan and monitor the website for Malware. Check this link for a free scan.

These are all common sense tips and not difficult to implement on WordPress. Always be proactive about your website and don’t wait until it is too late. Always discuss your security concerns with your developer or designer.