- Update WordPress
- Update plugins and themes
- Delete any unused themes and plugins
- Audit user list
- Login security
- Akismet
- Delete the “admin” account
- Use complex passphrases
- Captcha on all forms (comments, registering, login, etc.)
- Understand file permissions
- Use SFTP or SSH to transfer files or modify permissions (regular FTP does not use encryption)
- Use SSL when doing administration on your site (regular login does not use encryption)
- Jetpack / Cloudflare
- Backups