Last year more than 100,000 WordPress sites were targeted in a DDOS attack. This means that these computers were purposefully infected with a Trojan virus, and then used to target an unsuspecting third party.
Update WordPress and plugins regularly
Every updates come with small or large security changes to keep up or ahead of the hackers. Your site is only as safe as the updates it has gotten. Everything on your site should be updated and kept updated by a reliable system. The longer your websites sit without an update, the more vulnerable you are.
Use stronger passwords
Everyone needs stronger passwords. Simply everyone.
The best passwords are always random strings of upper and lower case letters with numbers and symbols thrown in. If you need help, go to a secure password generator site and make sure your password is written down somewhere.
Your password should change every six months at least!
Limit login attempts
When it comes to protecting a WordPress site, one of the best things you can do is limit the number of times someone can try to log in before the site gets locked down. Limit Login Attempt is a great plugin to prevents people from using guessing software to figure out what your password is.
Back it up
Sometimes, no matter what you do, your website might run into issues. If malicious enough, there is a chance that your website might be in serious trouble…like losing data or getting shut down by your web host. (This is a total nightmare.)
WordPress has several free plugins that will automatically archive your website every night (or weekly, or monthly). Not only that, they can save to your web server or a variety of cloud storage and you can limit the number of backups allowed in the storage space so you don’t have to periodically delete old ones.
Limit IP access
An IP is essentially an Internet address. If you are worried that you are being targeted by a specific IP, block that IP from your site.
Alternately, you can ban every IP that is not yours from accessing the administrative powers of your website…that is, of course, unless you have multiple remote administrators!