WordPress is installed on so many websites now, the global reach is comparable to a company like Microsoft. You probably already know the word malware from PC’s and computers. Computer viruses have been around a long time, as well as virus scanning software. With the Internet age came spyware (programs that spy on what you do and send the details to a remove computer), as well as anti-spyware computer software.
Best way to protect your WordPress from malware
1) Reset your password:
Regularly reset your WordPress admin, FTP, and web hosting control panel passwords every 30-60 days. Be sure to use a 12+ character strong password. Never use the same password at multiple websites or for multiple accounts.
2) Update Everything:
To keep WordPress itself updated, and all plugins and your theme as well at all times. Check to see if your theme has an update available if you purchased it from a developer or a theme house. Have it reviewed by a competent WordPress developer once per year for vulnerabilities if it was custom coded.
3) Limit Access:
Limit and give admin access to only those with a “need to know” basis within your WordPress website.
4) Remove unused items:
Always remove all themes and plugins that are unused and inactive. In addition be sure to remove any plugins that haven’t had an update in 12-18+ months or more.
5) Setup alerting and monitoring:
web hosting companies are all kinds of free services that will alert or monitor you if your website is down.
6) Register with Google Web-master Tools:
If you register with Google Web-master Tools and they find malware in your website, they will notify you via email. Keep in mind by the time they notify you, your website could have been infected for days or weeks.
7) Update wp-config security salts:
Since before version 3.0 the wp-config.php file of every WP installation has contained security salts and a URL to get random ones to update the file with. Be sure to update your wp-config file.
8) Install and configure a security plugin:
Setup and configure an all-inclusive security plugin, something like Better WP Security or Secure WordPress.
9) Setup and test a backup solution:
You can use a free plugin, premium solution, or web based service to backup your website to an offsite location for recovery in case you are hacked, or something at your web host goes down. This is even protection against issues if you upgrade WordPress or plugins and a conflict takes your website down. At least with an option like this, if you are taking regular versioned backups, you can easily revert to the last known good version.