
WordPress:
• Keep updated to latest version; plugins, too
• Have an auto backup service
• Run site on an SSL (secure socket layer)
• Enable 2-Factor Authentication on login
• Have Malware Detection and removal service
Non-Wordpress:
• Always have a reliable developer on-hand (not easy to find)
• Have an auto backup service
• Backup database copy to an independent resource (rsync.net)
• Run site on an SSL (secure socket layer)