Here’s a good checklist of the ten things you should be doing to keep your WordPress site secure…
1. Use secure hosting
Make sure your hosting company is legit and secure.
2. Update all the things
Keep all plugins and themes up to date and always keep WordPress up to date.
3. Strengthen those passwords
“Password” and “123456789” are the most common passwords in the world. Don’t use them.
4. Never use “admin” as your username
Don’t use your email address as your username either.
5. Hide your username from the author archive URL
Make sure your username is not your author name.
To round out the top ten…
6. Limit login attempts
7. Disable file editing via the dashboard
8. Try to avoid free themes
9. Keep a backup
10. Use security plugins
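One way to audit items 4, 5 and 7 offline, as an added example that is not from the original article: it checks wp-config.php text for the WordPress DISALLOW_FILE_EDIT constant and checks user rows (fields named after wp_users columns) for exposed usernames. The function names and sample data are constructed for illustration.

```python
import re

# define('DISALLOW_FILE_EDIT', <value>); on a line that does not start with a comment marker
_DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(\w+)\s*\)\s*;""",
    re.IGNORECASE | re.MULTILINE,
)

def file_editing_disabled(wp_config_text):
    """Item 7: True only if DISALLOW_FILE_EDIT is defined as true."""
    m = _DEFINE_RE.search(wp_config_text)  # PHP keeps the first define of a constant
    return bool(m) and m.group(1).lower() == "true"

def audit_users(users):
    """Items 4 and 5: return (login, finding) pairs for risky account names."""
    findings = []
    for u in users:
        login = u["user_login"]
        low = login.lower()
        if low == "admin":
            findings.append((login, "username is 'admin'"))
        if low == u["user_email"].lower():
            findings.append((login, "username is the email address"))
        # WordPress builds the author archive URL as /author/<user_nicename>/
        if u["user_nicename"].lower() == low:
            findings.append((login, "author archive URL exposes the username"))
        if u["display_name"].lower() == low:
            findings.append((login, "author name equals the username"))
    return findings

# Constructed sample input: the only DISALLOW_FILE_EDIT line is commented out.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wp');
// define('DISALLOW_FILE_EDIT', true);
define( 'WP_DEBUG', false );
"""
HARDENED_CONFIG = SAMPLE_CONFIG + "define( 'DISALLOW_FILE_EDIT', true );\n"

# Constructed sample users.
SAMPLE_USERS = [
    {"user_login": "admin", "user_nicename": "admin",
     "display_name": "Site Owner", "user_email": "owner@example.com"},
    {"user_login": "k7-editor", "user_nicename": "jane",
     "display_name": "Jane D.", "user_email": "jane@example.com"},
]

if __name__ == "__main__":
    print("file editing disabled:", file_editing_disabled(SAMPLE_CONFIG))
    for login, finding in audit_users(SAMPLE_USERS):
        print(f"{login}: {finding}")
```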
Details on the top ten are right here, in the article “Improve your WordPress security with these ten steps”…