1. Have Strong Passwords, and Change them Regularly
The first step you should take to protect your blog from being hacked is to have a password that is very strong. You’ll be surprised at how simple the password some people use is, and they end up complaining when they’re hacked.
Make sure your password doesn’t contain your name, address, or even date of birth. Use something nobody can ever associate with you, and don’t ever talk about your password to anybody. Also make sure you change your password regularly; like every 3-6 months, and you will be able to protect yourself from being trailed by a hacker.
2. Have More than One Admin Account
It could be 3 or more, and it could be only two. It is very important not to have just one admin account. The reason for this is that the first thing an hacker will do once they hack your blog is to change your details, and you can protect yourself by taking control through your other admin account.
Another thing you should realize is that this technique is just as dangerous as it is helpful, so make sure you prepare yourself for this; the more admin accounts you have on your blog, the more routes an hacker can take to get to you. To protect yourself from this, make sure the username and passwords for all your admin accounts are so unique and different, so that it will be difficult for any hacker to take control upon getting to your blog.
3. Install Plugin that Monitors Your Files and Notify You of Changes Immediately
You can also tell your hosting to help you configure your server to notify you in case there is any change in any of your files at any time, or you can look for a plugin that makes this easy.
A lot of little changes happen to our blog every day, but the reality is that some of them shouldn’t be. It is important for you to make sure you don’t come to know about any of these changes lately, so make sure you regularly monitor your sever and wordpress installation for any changes.
4. Scan Every Theme and Plugin You Want to Install
This is especially important if you download your themes and plugins from other websites online, or if you’re using cracked plugins and themes. You never know when a sleazy programmer will put a little code in your theme or plugin, or when that cracked software you’re downloading will be virus infected. Don‘t just wait to get hacked before you realize this, so make sure you scan every theme and plugin you want to install on a regular basis; scan them with your own antivirus before you install them.
5. Back up Your Blog Regularly
Don’t ever miss a day, because you never know when your blog will be hacked. One thing I have noticed in the hacking world is that, no matter how secure, there is nothing that cannot be hacked. Of course, you can invest time and effort into making your blog very secure, and you can even hire an expert to take care of this aspect. But the reality is,f if a group of hackers dedicate their efforts to bring down your blog, it will only last a few hours at best.
The best thing to do in a situation like this is to back up your blog regularly. Have at least 2 plugins/software that backs up your entire blog, and make sure you check regularly to ensure your files are properly backed up.
6. Use Different Passwords for Every Aspect of Your Website
For every webmaster you can have up to 3 different username and passwords for your hosting, and these 3 passwords can make it easy for you to recover your website in the case that you’re hacked.
*. The first password is for your hosting account; where you can see tickets, pay for hosting, and change your Cpanel details.
*. The second password is for your Cpanel; where you can access various parts of your website and make changes directly to your blog.
*. The third password is for your wordpress installation in itself; where you can add new posts, reply to comments, create new accounts, and update your blog directly.
The deadliest mistake any blogger can make is to make all 3 passwords the same, and you can protect yourself to an extent by making these passwords different.
You should also make sure all 3 usernames are different, and try getting your web host to help you change your details from the default one to something more secure..