Great article by iThemes, who just so happens to make a security plugin for WordPress. But seriously, the seven things that the article focuses on are things I’ve tried to focus on over my years as a developer with my teams and employers.
I love too that it points out that exploiting sites isn’t usually a concentrated/personal attack, but rather bots constantly sniffing the Internet for exploits, sites that haven’t been patched, have exploitable permissions, etc.
Things like using HTTPS everywhere have gotten easier over the years as well, as free domain validation level certificates have become easy to do, providing your web host offers the service via something like Let’s Encrypt.
BTW, the iThemes Security Pro plugin has been a mainstay in all our WordPress installs. While some people don’t like actually paying for plugins, you should at least use their free version to harden your WordPress sites with ease.
Source: 7 WordPress Security Best Practices