You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
By default, the newest version of WordPress is pretty darn secure. Anything which may have been added to any clean hacked wordpress site plugins has been considered by the development team of WordPress . Before, WordPress did have holes but now most of them are stuffed up.
Also, don't make the mistake of thinking that your web host will have your back as far as WordPress copies go. Not always. It has been my experience that the company may or might not be doing proper backups, while they say that they do. Take that kind of chance?
You also need to set the"Anyone Can Register" in Settings/General to away, and you ought to have some sort of spam plugin. Akismet is the one I use, the old standby, but there are lots of them nowadays.
Along with adding a secret key to your wp-config.php document, also think about changing your user password into something that's strong and unique. WordPress will Visit This Link tell you the strength of your password, but include numbers, use upper and lowercase letters, and a great idea is to avoid common phrases. It's also a good idea to change your password frequently - say once every six months.
Do your homework and some hunting, but if you're pressed for time and want to get this try the WordPress security plugin that I use. It's a relief to know that my website (and business!) are secure.