I just discovered that one of my older domains that we scarcely use anymore but still receives trickles of traffic from time to time with it a number of affiliate sales per month had been hacked. All of the files have been deleted, and just what was worse was that when I investigated the site I discovered that I hadn't supported the database in quite a while. Therefore I urge everyone to celebrate and recognize today as WordPress Safety Day beside me by following these 4 WordPress security tips.
I hadn't backed up that site which got hacked in more than a year. This is inexcusable considering there are lots of free plugins which allow you to schedule backups. I couldn't even find a recent backup from my hosting provider whom I set the database up with, either.
I recommend that you use a backup plugin such as WP-DB-Backup. It is a free plugin and one of my favorite WordPress plugins for 2012 which although it was not updated in awhile it has got the job done for the reason that you can select the precise files which you want to support and only create backups on demand or you can schedule these to be emailed to you once every hour, day, week, etc. so that you know any time you've any issues (security or technical) with your site you'll have that backup.
You can even backup your site through your hosting/database provider and it's advisable because copying your database means backing up all of your posts, pages, plugins, and preferences. I recommend that you simply go on and backup all of your sites now.
It can be annoying to obtain bugged by WordPress to update to the latest version every week approximately, but WordPress updates are paramount to the security of the site. Hackers are always looking for ways to compromise WordPress' security and discover a method to get into your site for their own amusement or gains, which is why it is important that you simply remain up-to-date with WordPress' updates because they create these updates in part to fix compromising errors and holes in their security that could be exploited.
You need to limit the permissions for your various files and folders which will make your site whenever possible yet still be in a position to operate and function properly. You can alter the permissions to read, write (which means read), and execute (which refers to read, write, delete, change) your files and folders with regards to you, an organization, or everyone. The less permissions you are able to allow, the more secure your website will be, but certain plugins which require use of certain files can't unless they've permission.
Finally, make sure to change your passwords every so often. It's a good habit to get into writing down your passwords for the login, database, etc. and updating them each month approximately if possible. And you've probably heard this thousands of times from anyone you retain passwords with, but avoid simple to crack identity related passwords. A great password is comprised of numbers, letters (upper case and lower), and symbols.
I recommend putting all of your WordPress login URLs of your various sites into one bookmarked folder in your browser so that you can open them all at once and don't forget to backup, update them, restrict your permissions, and alter any passwords monthly, even the ones which you rarely used anymore.