Wordpress is very popular open source bloging and CMS platform, but unfortunately being popular means a lot of security problems.
The most important security tip is not to use a nulled theme or plugin, nulled software means you download a paid software for free, this software (themes or plugins) are always come with a malware attached to it.
Animated tutorials will help you secure your copy of wordpress
1. The most effective way to secure Wordpress is to keep it up to date, it will not take more than 30 seconds from you to get latest Wordpress installed:
2. There is a nice Wordpress plug-in to remind you when Wordpress release a new version:
If you used the Wordpress installer in cPanel to install Wordpress then you can skip the previous 2 steps. The installer will keep your Wordpress up to date.
3. And remember to upgrade any installed Wordpress plug-in too:
when you choose a plugin or theme to install, be sure its already up to date, for example, never install a plugin or theme that did not receive any update since 2 years
4. Hackers usually look for security holes on a specific versions of Wordpress, they use Wordpress Generator Tag to find their targets, it will be very helpful to disable this tag in your Wordpress installation
Your Wordpress get hacked?
5. Reinstall Wordpress, you can do that from your Wordpress dashboard > Updates and click the "Re-sinstall Now" button, this will force reinstall wordpress core files without removing your posts and settings.
6. Find hacked files and back doors:
Wordfence is a powerful Wordpress plugin that will help you to find any modified core file or any suspicious files in wordpress installation, you can install it direct from your Wordpress Dashboard, Plugins menu.
7. Reset your Wordpress admin password:
8. Its highly recommended to remove the default "admin" user and create your own administrator user:
Also, check if there is any additional Wordpress user you did not create, some attackers leave a wordpress user to attack you later!
9. Be safe and reset the Wordpress DB logins:
10. Finally, subscribe to the Wordpress Scan Vulnerability Database to receive alerts about the new vulnerabilities found in Wordpress core software, themes or plugins. You can also search the DB for your current installed plugin vulnerabilities.