Keeping your WordPress site secure is rather simple
The one negative that I always hear from people who aren’t fans of WordPress as a CMS (content management system), is that it has security vulnerabilities because it uses PHP.
Belo, I listed some ways to keep your website more secure,
Whenever someone sets up a WordPress site, you will often times be given the username “admin” automatically. Never keep this username. Make sure you create a new account with a new username and delete the admin account.
Hackers know that most WordPress sites use the username “admin” so they already have your username if you don’t change it.
If you’re you’re installing WordPress yourself, you should be able to make the username whatever you want it to be so you don’t have to use “admin” right off the bat.
This should already be common sense, but don’t choose a password that is weak in strength. Choose something strong and even change your password every few months.
WordPress releases new updates through the year and it is vital that you install them because they address a lot of stability and security issues that come up.
First and foremost, you should make sure you update your the plugins on your site at least once a week, that need to be updated.
Also you should never leave plugins inactive on your site because it poses a security risk.
Just like plugins, you need to make sure that the theme you are using is updated when necessary. Also don’t leave any themes you aren’t using installed and inactive on your site because like inactive plugins, they pose a security risk.
Like most websites now, WordPress has a two-factor authentication system to keep your site protected.