Security best practices.

  1. Keep up with the latest WordPress version updates.
  2. Be sure you use a strong password, and not the same password you use on other sites.
  3. Scan your site regularly. Do not allow comments to be posted without some oversight. Do not allow guests to post or upload images or files without your knowledge.
  4. Make and archive ongoing site backups (see BackupBuddy for a professional approach,
  5. Have your ISP block all non-US traffic on your server if you are a local/regional business (may require an advance web host package).