The best way to ensure your website remains safe is to follow a few simple steps:
- Use strong passwords for all user accounts.
- Take backups of your WordPress website.
- Update your WordPress installation, themes and plugins (though we do recommend testing updates on a localhost installation or on a staging site first). And if theme or plugin you’re currently using hasn’t been updated in the last couple years you might want to consider switching to a new one.
- Don’t install illegal downloads of premium themes and plugins, which almost always include malicious code (virus, spam, hacker backdoor, etc).
- Only use plugins and themes from trustworthy websites. We don’t recommend downloading from forums or third party sharing sites (torrents). If you aren’t sure of a website’s trustworthiness check customer reviews, item ratings and social accounts.
If you don’t want to worry about your web security we suggest choosing a good managed hosting plan that includes daily backups, firewalls and malware scanning to keep your server safe. And if you want to add an extra layer, consider a security plugin such as iThemes Security or Wordfence.