As the most popular web publishing platform on the internet (by a large margin), WordPress is a popular target for hackers and spammers. WordPress is known for being one of the most user-friendly website platforms available online, but out of the box WordPress is terribly vulnerable to attacks.
According to WP White Security, more than 70% of WordPress installations are vulnerable to hacker attacks and the total number of hacked WordPress websites in 2012 was 170,000 and it is thought that to be around a million for 2016.
You may be wondering why anyone would want to attack your website, particularly if you have a low traffic website; the vast majority of hackers are not looking to steal your data or delete important files. What they want to do is use your server to send spam emails or create links to their websites to increase their reputation at the expense of yours.
Reducing the risks
Use a good hosting company that are vigilant on security.
Keep WordPress, Themes and Plugins up to date.
The longer a version of a theme ore plugin has been around the greater the chance that a hacker has been able to find a vulnerability.
Avoid ‘Admin’ as the user name and use long and randomised code for the password. Google Random Password Code for several site that will provide excellent options.
Limit the number of login attempts.
Spammers use programs that run through thousands of passwords a second. If you limit the number of attempts to perhaps two or three and put a wait of 30 minutes or an hour before a further login attempt is possible, the chances of being hacked will be reduced. There are programs that will do this for you.
Backup your website regularly. If your website is hacked, you can return to normal function from a recently backed up version. The frequency to backup depends on the amount of new data you put on the site. An information site, such as the website of a firm of solicitors with just a few pages with little new information should be backed up monthly. An accountant who understands the importance of blogging with high quality fresh information might consider backing up weekly. A busy e-commerce shop should be backed up at least daily and perhaps every 4 hours if it is a very busy shop.
Most website designers will offer a security service including backups at intervals. If you are familiar with plugin updates and able to use FTP client programs it might be reasonable to take care of backing up your website for yourself.