Many people are worried about how to keep their site safe and free of spam and hopefully this will be easier to do than you think with a few tips that I find helpful:
1. Choose extremely complex username and password combinations both for your WordPress account and your hosting log in. If you are struggling with this, you can use an application like Lastpass to help you out. Remember also that you can create guest access to your WordPress site easily in the “user” tab so you don’t have to give your password away if you are getting support.
2. Keep your plug ins and themes updated! When you see a little number and two arrows in a circle at the top left of your dashboard top bar, it means that there are updates to run. Often when there is an issue with a plug in or a theme a new version is released, so keeping both up to date lowers your risk of experiencing technical problems.
3. Protect yourself against brute attacks – these are attacks in which hackers try a huge number of log in combinations automatically to gain access to your site. A plug in like BruteProtect will help you limit the number of attempted log ins to increase your safety.
4. Create regular backups of your site! This is a really good investment of your time and energy – if anything happens, you will always have the latest version ready to be uploaded again. Here is an overview of current backup plug ins. If you are looking for a free option, I can recommend BackWPup.
5. Choose a host that will set an SSL certificate up for you (this adds a little padlock to your url and ensures that your date is encrypted). You can also ask them how often they take back ups and if they’ll restore one for you for free should you ever need it, which is a great safety net.