said 7 months, 2 weeks ago:
@geoffrey-gordon The advice you got from @kristi-hines is right on. Use the info in the WordPress codex to educate yourself.
Earlier this year, my business website was hacked 4 times in 3 months. During that time, I got quite an education. But even after I learned all I could, and followed everything I had learned, my site was still hacked one more time. In spite of my best efforts.
With that hack, I learned that some plugins leave the back door standing wide open. It’s hard to find which plugins are so poorly written that they introduce security risks. But they exist, and you might be using one (or more) of them.
In the end, I purchased a year of protection from Sucurri for just under $100. They monitor my site and let me know when they find it has been hacked, which happened one other time. They agree to fix it within a few hours, I think within 4 hours.
If you have a serious business site, not just a hobby site, where you are generating income and providing services 24/7, you need to address WordPress security. If it doesn’t matter if you site goes down for a day or so, and you have a habit of creating nearly daily backups so you can restore, you are okay, too.
I recently discovered that WPEngine, a WordPress managed hosting service, includes the same services I get from Sucurri in their monthly hosting fee. FYI