Since my WordPress site has been compromised few months back I have been advised to take certain steps in order for this not to happen again so that I can just enjoy a working site without any interruptions. Here are few tools that have helped me to keep my site healthy and happy:
Super useful plugin that allows you to scan your website for vulnerabilities. It will tell you where the problems are and potential suspicious files or plugins that you should look into. This was my main tool when figuring out what was wrong with my site. On top of that it can block certain attacks like malicious code upload and it also will send you an email every time the admin logs in. It has some other interesting features and you can even get the pro version. However the free options seems to be good enough for most.
2) All In One WP Security:
Another security oriented plugin that I got for one particular feature really. It is found in the main set of options and is called: Filesystem Security. It will identify and allow you to fix file permission issues for you without the need to figure out what all of that chmod stuff means 🙂
3) Change wp-admin login:
A neat plugin that will change the default yourdomain.co.uk/wp-login.php to something else of your choice (example: yourdomain.co.uk/carkeys) to make it a tiny bit harder for bots to try and guess your password as they first would need to figure out your login page url.
Rather obvious tip. Remove all of the stuff that you do not use. This includes getting rid of plugins and themes that are not a part of your page but could have been used at one stage (like trying out stuff when building your website for example). Also make sure you are up to date with the WordPress updates.
The good thing is that none of these plugin require you to be a full stack web developer in order to use them. The Wordfence especially will guide you a bit and tell you exactly what the problems are. Also never forget the power of google when you get stuck. Good luck!