We have seen many guides that list many steps that are claimed that you need to take to secure WordPress. There are also companies out there that will charge hundreds of dollars to secure your WordPress installation. But the truth is that there is only one fairly simple step to secure WordPress, keep WordPress and any installed plugins updated. The developers of WordPress agree with us, in blog post about keeping WordPress secure they said:
There is only one real solution. The only thing that I can promise will keep your blog secure today and in the future is upgrading.
The upgrade process involves making a backup of the websites files and database, disabling plugins, and then performing the update of the WordPress installation. WordPress provides a helpful guide that detail the process. If you are currently running version 2.7 or above, WordPress includes an Automatic Update feature that takes care of the updating part of the upgrade for you. If you are running version 2.6.5 or below, you made need to make one or more incremental upgrades to avoid potential issues. If you need help upgrading, especially if you are currently running a very outdated version, we can perform the upgrade of WordPress for you.
Will This Protect You From All Hackings?
The simple answer is no. Many hackings occur because of the FTP credentials for the website have been compromised or through a hosting provider being hacked. Nothing you do to WordPress installation will prevent these from happening because they do not take advantage of a vulnerability in WordPress. You can find our suggestion on the steps the steps you need to take to prevent those types of hackings here.