Always use the latest version of CMS, themes and plugins. Install updates in a timely manner – in them developers close vulnerabilities, which increases the security of the site.
Plugins and themes should be installed only from official sources. Often in “hacked” versions there are malicious inserts.
Use an SSL certificate for the site and set up redirection of all HTTP requests to HTTPS.
Regularly check passwords in the database of compromised passwords. If your password is in the database, change it immediately.
Use antivirus software on your local computer and regularly update antivirus databases.
Use only up-to-date versions of browsers.
If possible, use SFTP instead of FTP. Try to avoid FTP completely in the future.
Do not store passwords in FTP clients. Very often viruses take information from an FTP client. This information can then be used to hack the site.
What to pay attention to when choosing a hosting provider?
Pay attention to several components of protection, which should be mandatory:
- A reliable data center (limited access, redundancy of critical systems, etc.);
- isolation of services;
- antivirus protection;
- DDoS protection;
- automatic backup (an important tool that can be the last bastion in case of site problems).
The rest of the tools will be a nice bonus and additional protection. But all this combined with compliance with basic security rules will reliably protect your site.