Year and a half educated us that WordPress security should not be taken lightly by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a prey for hackers.
repair hacked wordpress site Watch out form submissions. You may useRegexp to process the data from forms. You can also define preloaded variables as type data in the kind of checkboxes, radiobuttons etc..
I protect an access to important files on the site's server by placing an index.html file in the particular directory, which hides the files from public view.
It represents a task that is necessary while it's an odd term : making a WordPress backup of your site to work on offline, or in the event something should go amiss. We are not simply being obsessive-compulsive here: servers go down every day, despite their claims of 99.9% uptime, and if you've had this happen to you, you know the fear is it can cause.
Imagine if you go to WP-Content/plugins, can you see that folder? If so, upload this blank Index.html file inside that folder as well so people can't see what plugins you might have. Because even if explanation your version of WordPress is up to date, if you're here using a plugin or an old plugin using a security hole, someone can use that to get access.
I prefer using a WordPress plugin to get the job done. Just make sure that the plugin you select is able to do select backups, has restore and can clone. Also be sure anonymous that it is often updated to keep pace. There's absolutely no use in not functioning, and backing up your data to a plugin that's out of date.