A half and year taught us that WordPress security should not be dismissed by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everyone has access to its Source Code makes it a prey for hackers.
fix hacked wordpress will also tell you that there is no htaccess in the wp-admin/ directory. You can put a.htaccess file if you wish, and you can use it to control access to the wp-admin directory or address range. Details of how to do this are readily available on the internet.
Should the server of your site go down, everything you've worked for will proceed with this. You will make no sales, get signups or no traffic to your site, until you get the website back up again and in short, you are out of business.
There is a section of config-sample.php that is headed"Authentication Unique Keys." There look at this web-site are four definitions which appear within the block. A hyperlink is inside that section of code. You need to enter that link in your browser, copy the contents which you return, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your site.
Now we are getting into matters specific to WordPress. You have to rename it to config.php and alter the file config-sample.php, when you install WordPress. You need to set up the database facts there.
Those are three things you can do to keep Home Page WordPress secure without plugins. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.