Security on the web is ever-evolving but there are the basics that will never die. First and foremost be smart about your user names and passwords. Don’t leave them lying around for prying eyes and don’t make them easy to remember (that makes them easy to guess). Above and beyond that, I always use these 3 things;
Read The Reference Guide on WordPress.org
There’s an article on WordPress.org called Hardening WordPress – this is where the latest standards are kept. This reference guide will walk you through all the various levels of security ranging from protecting yourself from hackers and restricting access to specific IPs, users, and so on.
You Need A Malware Scanner
Some web hosts already offer a malware scanner with their service but there are plenty of free WordPress plugins that offer Malware scanning. My favourite is Defender, I love it’s notifications and configurations. It is multisite compatible and very flexible.
Get A Firewall
Again most web hosts have their own firewall but then there are “WordPress firewalls” and if I were to make any recommendations here it would also be to install Defender. It will lockout any known hackers or any IP addresses that try to access back-doors.