1. Change the “admin” Username. The “admin” username is the default for all WordPress installs, and although it’s easy and intuitive, it’s also incredibly easy to guess and start to hack. Change the username to something unique and give the hackers one more problem to solve.
2. Use a STRONG password or a passphrase. You may think that using your dog’s name or your mother’s maiden name with 01 on the end is secure, but it’s not. It really is easy for a hacker to push through thousands of word combinations in seconds, and adding 01 to any combination of words or letters is pretty straightforward. So make your password a little more complex: add lower and upper case letters, special characters and numbers. Better yet, use a passphrase! What’s a passphrase? Well, my friend, it’s a sentence instead of a word that you use for your password: “thisismysitethatilovetoday” or “1dayiwillbuy2dogsnamedTom!” See how that’s incredibly hard to hack but really easy for you to remember? It’s an easy way to make an ultra-secure password you can remember.
3. DO YOUR UPDATES. WordPress and the plugins you use on your site are constantly asking for updates. But many of those updates are patching security holes. I know it seems like a pain but it really is less work than trying to recover from a hacked site. As Nike would say, “Just Do It!”
4. Use a security plugin or a web host that provides security and site hardening options. There are some really great plugins and services out there to help protect your site. Wordfence has a free and a paid option for its plugin and can really help protect your site. Sucuri.net provides hardening, monitoring and recovery services for all types of sites, not just WordPress. Companies like SingleHop.com offer secure hosting and security services at the enterprise level; WpEngine.com is another good example, but for small businesses. Don’t forget services like Cloudflare.com, which provide a firewall for your site, giving an extra level of protection while often speeding up your site’s loading time.
5. Control who has access to your site. Know your developer, and never give your admin login to them. Instead, create a new account for each person, so that when they finish the work you can remove the account from the site.
6. Remove deactivated plugins and themes. If you’re not using a theme or a plugin, just delete it from the site. You’ll have less to update and less chance that a security hole will be found. You don’t leave your house a mess, so be clean with your site as well and take out the garbage.
That’s it for now. What are your favourite tips to help keep your site secure? We’d love to hear them, and I’m sure everyone else would appreciate it.
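To put numbers on tip 2, here is an added example (not part of the original post) that estimates how many guesses a "name plus 01" password takes compared with a passphrase. The wordlist, the threshold and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample wordlist (assumption): a real audit would use a large
# list of names, pet names and leaked passwords.
COMMON_WORDS = {"rex", "bella", "smith", "password", "admin", "wordpress"}
WEAK_BELOW = 10 ** 14  # assumed cut-off for "guessable in a reasonable time"


def alphabet_size(password):
    """Size of the character set a brute-force search would have to cover."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII symbols, including space
    return size


def estimate_guesses(password, words=COMMON_WORDS):
    """Rough estimate of the guesses needed to find this password."""
    # Split e.g. "Rex01" into the base "Rex" and the trailing "01".
    match = re.fullmatch(r"(.*?)([^a-zA-Z]*)", password)
    base, suffix = match.group(1), match.group(2)
    if base.lower() in words:
        # Known word x 3 capitalisation styles x every digit/symbol suffix
        # of the same length (10 digits + 33 symbols = 43 choices each).
        return len(words) * 3 * (43 ** len(suffix))
    # Not in the list: fall back to brute force over the character set.
    # This overstates the strength of phrases built only from common words.
    return alphabet_size(password) ** len(password)


def rate(password, words=COMMON_WORDS):
    """Label a password 'weak' or 'strong' against the assumed cut-off."""
    return "weak" if estimate_guesses(password, words) < WEAK_BELOW else "strong"


if __name__ == "__main__":
    for candidate in ("Rex01", "bella2019!", "thisismysitethatilovetoday"):
        print(candidate, estimate_guesses(candidate), rate(candidate))
```

The two sample passphrases in tip 2 are published on this page, so pick a sentence of your own rather than reusing them.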