- Always update Wordpress, plugins and themes to close up any security loopholes.
- To find out the suggested file permissions you can install the wordpress plugin Bulletproof Security
- Then, you can fix file permissions using an FTP client or a terminal.
- Always make sure that your wp-config.php file is set to 750.
Backup your database
- With a cron job
- with plugins such as WordPress Database Backup or xCloner.
Delete the admin User
- Create a new user with administrator settings
- Delete the old admin username.
Use Security Plugins
- Bulletproof Security
- Secure Wordpress
Download Pluings/Themes from Wordpress or another reputable site
- Don't use non reputable sites.
- Use a difficult password.