Hackers love “admin” users.
Upon WordPress installation, the default user named “admin” is created. In order for hackers to get into your WordPress administration pages, they need to have your username and password. If you have a user that is named “admin”, you’ve just given the hackers half of the puzzle. So what do you do? Create a new user. Name it anything other than “admin”. Assign its role as Administrator. Log back in as this newly created user. Delete “admin”.
Hackers love outdated WordPress versions.
It’s a continual cat-and-mouse game. The hackers look for security vulnerabilities in the software and, once they are discovered, the programmers work to close those vulnerabilities. The programmers then release updates to the WordPress application. If you don’t update to the latest WordPress version, you are leaving your website open to hacker attacks. So what do you do? On the Dashboard, under your website name, if you are running an outdated WordPress version, it will give you an option to update. Do it.
Hackers love outdated and free, unsupported WordPress themes.
WordPress themes don’t just make your website “pretty”. Your theme, for the most part, controls the look of your website, but it also includes a lot of programming code and scripts, and that code can allow bad guys into your website. So what do you do? Programmers who develop WordPress themes will often update them. These updates may include security fixes. Check with your theme programmer for any new updates to your theme. Better yet, see if you can get on a mailing list to be notified when updates to your theme are available.
Hackers love outdated WordPress plug-ins.
WordPress plug-ins are a popular way for hackers to hack into websites. So what do you do? Review your Installed Plugins from time to time and always update to the latest plugin version. Sometimes an update may result in the plugin no longer working the way it did, in which case, cut your losses and find a new one. Don’t stick with outdated plugins. Also, delete all plugins that are not actively in use.
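The “admin” user check and the plug-in review described above can be scripted instead of clicked through. The following is an added example, not part of the original article: it assumes WP-CLI is installed on the server to produce the CSV input, and the user and plug-in names in the sample data are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit WP-CLI CSV output for the issues described above.
# Assumed inputs, produced on the server with WP-CLI:
#   wp user list   --fields=user_login,roles   --format=csv
#   wp plugin list --fields=name,status,update --format=csv

# Flag administrator accounts whose login is literally "admin".
audit_users() {
  awk -F, 'NR > 1 && tolower($1) == "admin" && $2 ~ /administrator/ {
    print "USER " $1 ": create a new administrator, log in as it, then delete this account"
  }'
}

# One finding per problem: a pending update, or a plug-in installed but not in use.
audit_plugins() {
  awk -F, 'NR > 1 {
    if ($3 == "available") print "PLUGIN " $1 ": update available"
    if ($2 == "inactive")  print "PLUGIN " $1 ": inactive, delete if not needed"
  }'
}

# Constructed sample data in the shape WP-CLI prints (header row first).
sample_users() { cat <<'EOF'
user_login,roles
admin,administrator
jane_ops,administrator
guest_writer,author
EOF
}

sample_plugins() { cat <<'EOF'
name,status,update
contact-form-x,active,available
old-gallery,inactive,available
seo-helper,active,none
hello-demo,inactive,none
EOF
}

# Full report over the sample data; on a real site, pipe the wp commands instead.
report() {
  sample_users   | audit_users
  sample_plugins | audit_plugins
}

report
```

On a live site, replace the sample functions with the two `wp` commands from the header comment and run the script from the WordPress install directory.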