- Update plugins – keep them updated so they have updated code and bug-fixes. CAREFUL: some plugin updates may break your website aesthetic or function so have a developer nearby to repair just in case!
- Don’t use same passwords everywhere – don’t use the same password for your WP admin and database that you do for your email and PayPal accounts.
- Remove unused themes/plugins – hackers often like to hide scripts and backdoor pages inside unused extensions.
- Block XML-RPC if you don’t use it. Learn more about it and how to block it.
Curious to know how I feel about WordPress security plugins?