Did you test your WordPress-based website against common configuration problems that could lead to security headaches?
Have you heard of Security through obscurity?
Did you know that “Rich in Features” can also be “Rich in Vulnerabilities”? Needless to say, CMS platforms like WordPress are not security-hardened to a great degree out of the box.
Ever thought of these ones?
- Always run the latest version
- Update your backend regularly
- Always use trusted sources for themes and plugins. Be extra carefully about free themes and plugins (since they have to make a living, how do they do it?)
- Never use default settings
- Reduce credentials and be careful about user levels
- Always use strong passwords
- Protect the .htaccess file
- Backup daily, but also keep weekly and monthly backups. A website compromise might not be detected in a day’s-span, so you might need an old backup.