As some will know, I've praised WordPress a lot since I started using it, just 14 months ago. It's easily one of the best CMS/blogging systems out there and it's completely free to use.
However, WordPress is an open source project, and because of that it has its vulnerabilities. It's not the most secure in the world, but usually it's good enough. Thankfully, if any vulnerabilities are found, the people who build WordPress, Automattic, update WordPress pretty quickly to fix them.
But you can never be too secure. Here are some basic WordPress security tips which will help you keep your site safe.
1. Keep everything up to date, always. If there is a new version of WordPress, update it as soon as possible. Usually you'll be notified in the dashboard that there is a new version of WordPress and updating is usually a very smooth and quick process.
You also need to keep all your plugins up to date. Plugins can get very easy access to nearly anything in your WordPress installation. If a hacker has found a vulnerability in a plugin which you're using and they know you're using that plugin, they can easily carry out some disastrous actions.
2. Use a reliable hosting service. I use MediaTemple to host UltraLinx. They're not cheap at all, however they are very high quality and very reliable. Most sites will do fine on HostGator or GoDaddy at first, but if you were to expand, MediaTemple is a good option.
3. Only get plugins from reliable sources. I hear many stories where a person has downloaded a pirated plugin or got a plugin from a downright fishy site, installed it, and then their whole WordPress installation broke. It's an absolute nightmare. Seriously, you're a lot better off buying a plugin than risking your whole site.
4. Use a different password! This one everyone should know already. The password you use for WordPress, make it different from any other password you use.
5. Move the wp-config.php file up one directory, so that it sits outside the main folder where WordPress is installed. Then change the permissions for the file to 400 (readable only by the file's owner, with no access for anyone else). This will then block public access to the file.
6. Back up your site every day. I cannot stress enough how important this is. If your WordPress site is very important to you and is maybe even your business, backing it up is hugely important.
A great plugin which enables you to create backups every day and store them wherever you like is BackupBuddy. I recommend BackupBuddy for small WordPress sites which don't have too much content.
VaultPress is the one I use for UltraLinx. It's made by the same people who make WordPress so it's undeniably one of the best. It creates a backup nearly constantly: every time you make a new post, a new comment, upload a new file or make a revision, it'll back up your site after you've made the change. It then makes 11 copies of your backup and will store them on their servers for you. My site is around 10GB in size so it'd be a nightmare downloading and uploading all that if my site were to go down. This is why I recommend VaultPress: they store it all for you, and when you want to restore the site, you can do so from their servers.
7. Use a security plugin or service. There are many reliable security plugins available for WordPress, and there are some very good ones on CodeCanyon.
However, the service I use is Sucuri. They're true WordPress experts and will take care of you very well. If you find a problem or think your site has been compromised, they will scan all your files for you, going through all folders, checking to make sure there are no unwanted files on your server.
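Tip 5 as a script, with the checks worth making before the move. This is an added example, not code from the original post: the function names are hypothetical, and it assumes the account running it owns wp-config.php and is the same account PHP runs as, since mode 400 makes the file unreadable to every other user.

```shell
#!/bin/sh
# Added example for tip 5 (function names are hypothetical, not WordPress's).
# Assumption: the account running this owns wp-config.php and is the same
# account PHP runs as; otherwise mode 400 makes the file unreadable to WordPress.

# Print the 10-character mode string of a path, e.g. "-r--------" for 400.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# harden_wp_config WP_ROOT
# Moves WP_ROOT/wp-config.php one directory up and sets it to mode 400.
# Returns 0 on success; non-zero, with a reason on stderr, if it is unsafe.
harden_wp_config() {
    wp_root=$(cd "$1" 2>/dev/null && pwd) || { echo "no such directory: $1" >&2; return 1; }
    parent=$(dirname "$wp_root")

    [ -f "$wp_root/wp-settings.php" ] ||
        { echo "not a WordPress root: $wp_root" >&2; return 2; }
    [ -f "$wp_root/wp-config.php" ] ||
        { echo "no wp-config.php in $wp_root" >&2; return 3; }
    # Never overwrite a config that already lives in the parent directory.
    [ ! -e "$parent/wp-config.php" ] ||
        { echo "$parent/wp-config.php already exists" >&2; return 4; }
    # WordPress skips a parent-level wp-config.php when the parent directory
    # has its own wp-settings.php, i.e. is itself a WordPress install.
    [ ! -e "$parent/wp-settings.php" ] ||
        { echo "parent is a WordPress install; config would not load" >&2; return 5; }

    mv "$wp_root/wp-config.php" "$parent/wp-config.php" || return 6
    chmod 400 "$parent/wp-config.php" || return 7
    # Confirm the mode actually took effect (some mounts ignore chmod).
    [ "$(perm_string "$parent/wp-config.php")" = "-r--------" ] || return 8
}

# Run against a path given on the command line (example path: /var/www/html).
[ $# -eq 0 ] || harden_wp_config "$1"
```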
Those are some basic tips which will help you secure your WordPress site a little more. Of course, nothing is ever fully secure; hackers will always find new ways. But as long as you keep up to date too, you should usually be OK.