You don’t necessarily have to become a WordPress security expert in order to keep an eye on the safety of your site. There are plugins that help do that for you!
Wordfence Security Plugin by FEEDJIT is an easy-to-use, but thorough security plugin to help protect your WordPress site from all kinds of nefarious behavior. The plugin options may seem overwhelming at first, simply because of the amount of customization and security auditing you can do with it, but even the defaults vastly improve security coverage. Remote security scans and phone support are available through a very affordable premium version.
When you first set up the plugin, we recommend running a Wordfence Scan, which will give you a good overview of any potential security problems throughout your site, and help you fix those issues as well. To run this scan, click on Wordfence from your sidebar options. That will take you to the Wordfence Scan screen where you can click the “Start a WordPress Scan” button, as shown below.
The scan runs on this page and when it is complete, you’ll see the results toward the bottom of the page. Wordfence lists any issues found during the scan under the “New Issues”, along with details about the issue, and options to resolve them.
Do note that automatic scans are turned on by default, with both the free and premium versions of Wordfence, but you can run scans manually, at any time, by following the steps above. With the free version of the plugin, Wordfence Scan is run once, every 24 hours, at a random time, but with the premium version, you can customize the time and frequency of scans. To ensure this setting is activate on your site, go to Wordfence —> Options screen, and make sure the check box is checked for “Enable automatic scheduled scans”.
Another feature we find very helpful from Wordfence is the ability to block attempted admin logins after a number of attempts in a small amount of time. This can mitigate common attacks on WordPress sites very quickly. You can set this up by going to Wordfence —> Options and then, scrolling to “Login Security Options”. There you can set the maximum amount of attempts allowed before users are locked out or blocked, and set the amount of time for which they are locked out and blocked.
This plugin comes with several other security features that can help keep your WordPress site safe. You can easily install Wordfence through your WordPress plugins page, or check out more information here.