- Install SSLEncrypt traffic and show the padlock.
- Use strong passwordsLong, unique passwords for all accounts.
- Enable 2FATwo-factor authentication on admin logins.
- Keep software updatedUpdate CMS, themes and plugins promptly.
- Remove unused pluginsDelete anything you don't actively use.
- Set up a firewallUse a security plugin or WAF.
- Automate backupsRegular, off-site, tested backups.
- Limit login attemptsBlock brute-force attacks.
- Restrict user rolesGive minimum necessary permissions.
- Scan for malwareRegular automated malware scans.
- Secure hostingUse a reputable, secure host.
- Monitor uptimeGet alerts if the site goes down.