Online security is a big deal. Here are a few tips to keep your WordPress® website secure:
Make sure to keep your WordPress core, themes, and plugins up to date. If you don't you risk compromising your website's security.
If you installed WordPress through your hosting account, there are options to have your software update automatically.
You can still update WordPress through the admin dashboard. This may cause your Website's version of WordPress and Value Applications version of WordPress for your Website to get out of sync, though. If this happens, attempting to update WordPress through Value Applications results in an error message and you need to update WordPress through the admin dashboard in the future.
If an attacker gains access to your computer, they can gain access to your WordPress Website while you're logged in, or from your saved browser passwords. Keeping your computer safe is one of the best steps you can take toward keeping your Website safe.
Your password protects your WordPress Website. Make sure it's hard to guess, not shared with anybody, and changed frequently. Most security experts recommend changing your password every 90 days to prevent attackers from accessing your Website by repeatedly guessing your password.
If you need to share your WordPress admin with another user, you should create a new user account for them.
Connecting to your Website via FTP-SSL keeps your password secure from eavesdropping. For more information see Connecting to Your Shared Hosting Account with FTP-SSL.
For an additional cost, you can purchase services that bring extra security to your Website. There are several services available that look for changes and known vulnerabilities in your Website on a regular basis.
Purchasing an SSL certificate and configuring WordPress lets you log in and use your administration page over https. This protects your password and admin session from eavesdroppers on your network. For more information, see Using an SSL with Your WordPress Admin Control Panel.