Schedule complete backups and send them to off-site destinations encrypted.
Limit the number of failed login attempts allowed per user. If someone is trying to guess your password, they’ll get locked out after a few tries.
If someone manages to get into your site, they’ll probably add, remove or change a file. Get email alerts showing any file changes so you know if you’ve been hacked.
Users are required to enter both a password AND a second code sent to a device like your Android smartphone or iPhone.
If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. The IP will be locked out after the limit you set
Add a strong password generator to user profiles, set minimum password character limits and enable password expirations.
Make sure your site has not been infected by Malware, by running regular malware scans.
Keep bad users away from your site if they have too many failed login attempts, a lot of 404 errors or if they’re on a bot blacklist.
Add an extra layer of protection to the WP login, user registration and comments with Google’s reCAPTCHA.