WordPress is designed for creating secure websites. That’s one of the reasons it’s so popular. Keeping the site secure, though, requires good hosting practices. It’s important to choose a host that does it right and then set it up properly.
If it isn’t kept safe, you might someday discover your site’s content has changed. Worse yet, it might become a channel for depositing malware on the computers of anyone who visits. This will get your site blacklisted, as well as getting a lot of people mad at you.
Staying secure is vital for any business site. If your site redirects people to a malware or porn site or starts displaying embarrassing pop-ups, it will quickly ruin your business’s reputation. If you use the site for e-commerce, the results could be even worse. Criminals could grab personal information on your customers.
The installed version of WordPress needs to stay up to date. Flaws turn up occasionally, and they get fixed in new releases. An old version has multiple vulnerabilities that every hacker knows about. It may be the host’s responsibility or yours to keep it up to date. If the host is supposed to, make sure it’s happening. If you have to do it yourself, don’t fall behind.
Your site should be set up to limit the number of login attempts; otherwise, an intruder can try an unlimited number of password guesses. The “Limit Login Attempts” plugin will block login attempts after a number of failures which you can specify.
Attacks can wipe out your site, and sometimes an incompatible upgrade will break it. Be sure that your host performs regular backups or gives you a backup option that you’ll use. You don’t want your site to be down for days while you rebuild it.
The bigger picture
Your host needs to maintain a safe environment in general, with a good firewall. If intruders can get at your file system, they can do anything to the site, even replacing it completely with their own content.
You need a secure HTTPS connection. If you use a free hosting plan or the cheapest one, secure connections might not be available. Every time you log in to that site, you’ll send your password as cleartext, where someone might pick it up as it travels through the Internet. It’s worth paying a little more for a secure server. Having one will give you an SEO boost as well.
Choose your hosting well, and you’ll have a safer site.