This is meant to be an evolving document as I get time to update it and add more information.
Keeping your WordPress site safe can be explained in simple terms that any layperson can understand. There is no need for the “complicated” technical jargon; it's just a series of well-defined security principles that have been around for years.
The first thing you need to understand is what value hackers get from defacing your site. No matter how large or small the site is, they can reap profits in many different ways, but some of the most common are hidden backlinks inserted to manipulate search engine results, botnets, and phishing expeditions. In the end it's all about money or fame.
When you are in the planning stage of your site, the first step is to come up with your disaster recovery plan in case something does happen. This should be a well-defined set of steps to follow in the event of an emergency, with all the information needed easily accessible.
After your site is up and running there are a few things that need to be done to put yourself on a good foundation. At the top of this list are keeping your site updated and having good backups.
In the event you are hacked, it's probably best to call a professional, but here are the exact steps we would take.