- Use 2 Factor Authentication
- Try to use your Admin account as little as possible
- Don’t name your Admin account “Admin”
- Keep your plugins up to date
- Don’t install more plugins than you need
- Don’t keep plugins you’re not using, even if they’re inactive
- Repeat steps 4 through 6 for Themes, too.
- Keep your WordPress itself up to date
- Get a plugin that changes your login page from
/wp-login.phpto something random like
- Get WordFence and if you can afford it, the Premium version.
I first recommend getting the highest tier of JetPack, which has all sorts of features including security.
If you’re unwilling to pay for the highest tier of Jetpack, get the Premium version of WordFence.
If you’re looking for free solutions: get both the free tier of JetPack and the free tier of WordFence.