There are some basic security measures every WordPress user should be aware of.
Simple passwords and passwords using dictionary words can be cracked by automated tools. Google provides a useful guide to creating strong passwords. The Jetpack plugin has a module called Protect that can prevent automated password-cracking attempts.
Always run the latest versions of WordPress, your theme and plugins. This way you can be sure that any security-related updates have been applied to your site. WordPress has one-click updates to make this easy. A plugin like WP Updates Notifier can send you an e-mail when new versions are available.
See our guide on Updates for more information.
Every website should be backed up on a regular basis. Read our recommendations for Backup Solutions.
Enable HTTPS / SSL
Every website should use https:// instead of http://. You can make this switch by installing a free SSL certificate. Read HTTPS for WordPress: Auto-enable SSL for Free to learn how to set this up for free in three simple steps.
- Eight Things You Should Do After Building Your WordPress Site touches on security in more depth.
- Read Hardening WordPress on the WordPress Codex if you would like even more details.