- have automated daily backups of your WordPress Directories & Files.
- update your wordpress to the latest version but do it carefully make sure your themes and plugins are compatible.
- you’re running the newest version of your theme & plugins.
- strong password
- avoid using admin as username if possible
- remove outdated and unused plugins
- You’ve properly configured SSL (HTTPS).
- Use Free Tools to Scan Your WordPress Site for Vulnerabilities
- limit the login attempts
- use latest PHP version
- Disable XML-RPC
- Use Premium security plugin
- take advantage of two factor authentication
- Disable file editing and PHP file extension