It was Monday morning and I was on a call with a dozen others who are my peers. Each of us helps the small business owner with their businesses in one way or the other. It was at the end of the call and we were each sharing our websites and going over how to make little improvements here and there. Time was running out and there was just enough time for one more website review, I volunteered. As my site was coming up for all to see suddenly the screen turned a maroon red with an outline of a security officer with his hand stretched out and the words of"do not precede malware threat." I was too horrified to remember precisely what it said although there was more. I was concerned about my website on being destroyed plus humiliated that the people on the call had seen me vulnerable, that I had spent hours.
Cloning your site is another level in secure your wordpress site find more information which may be very useful. Cloning simply means that you've backed up your website to a totally different place, (offline, as in a folder, so as to not have SEO issues ) where you can access it at a moment's notice if necessary.
Basically, it will start with the basics. Attempt using complex passwords. Use special characters, numbers, letters, and spaces and combine them to create a unique password. You can also use usernames that aren't obvious.
Exclude pages - This plugin adds a checkbox,"include this go now page in menus", which can be checked by default. If you uncheck it, the page will Click This Link not appear in any listings of pages (which includes, and is ordinarily limited to, your page navigation menus).
If you're not running the latest version of WordPress, upgrade now. Similar to maintaining your door unlocked when you leave for vacation leaving your site is.
There is another problem you have with WordPress. People know where they can login and they also could just visit with your login form and try outside a different combination of passwords and user accounts. In order to stop this from happening you want to set up Login Lockdown. It is a plugin that lets users attempt and login with a wrong password three times. After that the IP address will be banned from the server for a specific timeframe.