Use a WordPress firewall
Enforce strong WordPress password policies
Install a file integrity monitoring plugin
Keep a log of all changes that happen on WordPress
Keep WordPress core, all the plugins, themes and software you use up to date
Use an SSL certificate (HTTPS)
- Encrypts the traffic between the web server and the web browser
- Certificate Authority (CA): The certificate contains cryptographic proof that an entity trusted by the browser, the CA, can vouch for the website's identity. It has built-in security features that make it challenging to spoof.
- Three different types of certificates can be obtained: Domain Validation (DV), Organization Validation (OV), Extended Validation (EV)
- Let's Encrypt, a non-profit certificate authority run by the Internet Security Research Group (ISRG), provides HTTPS certificates at no charge to everyone. It's the largest CA on the Internet. Its certificates are valid for 90 days, but it uses the ACME protocol, which allows automatic certificate renewal.