These five WordPress Best Practices will help you keep your website up and running properly, secure, and safe.
(1) Keep Your Core WordPress Software Up to Date
Keep the CORE WORDPRESS SOFTWARE on your hosting server up to date. If you use the WordFence security plugin it will send you notifications via email that there is a WordPress update available for your website. Before running any updates you should confirm there is a recent complete backup of your website.
(2) WordPress Plugins
Keep the WordPress PLUGINS you are using at your website up to date. Outdated plugins are the #1 exploit used by hackers looking to maliciously get into a WordPress website. Again, if you use the WordFence security plugin it will send you notifications via email that there are PLUGIN UPDATES available at your website. Before any updates you should confirm there is a recent complete backup of your website. De-activate and delete any WordPress plugins you no longer use.
(3) “Move Your Front Door”
A simple first line of defense to keep hackers out of your website, at least amateur hackers, is to move the WordPress administrative login screen from its default location. Think of it as moving the front door to your home. It just makes it more difficult to get in. Move the default administrative login URL using the WPS Hide Login plugin. https://wordpress.org/plugins/wps-hide-login/
(4) Contingency Planning: Backup and Recovery
I recommend using VaultPress to manage WordPress backups and disaster recovery. VaultPress is not free, but it is very inexpensive. Two WordPress backup and recovery alternatives to VaultPress are Backup Buddy by iThemes and Updraft.
(5) Proactively Protect Your WordPress Website Using WordFence
Security plugins like WordFence offer free basic and premium advanced WordPress site protection. Additionally, WordFence will notify you if there are updates that should be processed at your website.