Hello James,

Yes, you can secure your wordpress website by using some plugins like iThemes Security (formerly Better WP Security), Wordfence Security or Wpsiteguardian. Also use username and password characters that is strong use lowercase and uppercase together with number and signs.

Wordpress sites get hacked all the time. Every year there is some news about WP plugins with security vulnerabilities. Usually, hundreds of thousands or even a million WP sites are affected by the time they discover the vulnerabilities.

Last year a whole bunch of WordPress Plugins were vulnerable to Cross-site Scripting (XSS). It was due to the misuse of the add_query_arg() and remove_query_arg() functions. These are some very popular functions used to modify and add query strings to URLs within WordPress.

This is the list of plugins that were affected last year:

Jetpack
WordPress SEO
Google Analytics by Yoast
All In one SEO
Gravity Forms
Multiple Plugins from Easy Digital Downloads
UpdraftPlus
WP-E-Commerce
WPTouch
Download Monitor
Related Posts for WordPress
My Calendar
P3 Profiler
Give
Multiple iThemes products including Builder and Exchange
Broken-Link-Checker
Ninja Forms

I have no idea why anyone would want to use Wordpress...

[DELETED]

Using security plugins are the best option to integrate and keep the website secure. But apart from this you must also have the secured server where you are hosting your website such as HTTPS protocol.

For any upload folders make sure only content goes in there allowed,
depending on your web server you can configure per directory to only allow certain files

drop .htaccess file in the upload directories...sure they have some scripts that are written for this purpose already

you don't want files upload to the server that can gain access to your hosting account

1. Install each WordPress update as soon it becomes available.
2. Keep the number of Plugins on you site to a minimum and ALWAYS DELETE - not just disable - those plugins no longer in use.
3. Upgrade the plugins on your site as soon as updates become available.
4. Choose difficult passwords and change them regularly.
5. Back up your site data daily, weekly or monthly, depending on how often information changes on your site.
6. Use .htaccess to protect your WordPress site. -- If you are not comfortable with code - ask your WP Developer to show you how to do this, or have your developer do it for you.

Once these site 'hardening' practices are in place, it is time to look at Security plugins to monitor your WordPress core files and traffic.

I would recommend you to go with All In One WP Security & Firewall plugin. It is the best and you won't need to worry about your website's security at all.

[DELETED]

[DELETED]

Have a look at a dedicated WordPress host like FlyWheel.
If your site get's hacked they fix it for free:
https://getflywheel.com/why-flywheel...ress-security/