When i created my first WordPress website, after a couple of months i got an email that “my wordpress admin password has been successfully changed.” I panicked because i had not changed it myself. Turned out some wild hackers had successfully broken the WordPress Admin password by using some SQL injection techniques.
The point is WordPress hacking is a routine thing. Especially in case of beginners who are not even aware of the basic WordPress security settings and how to configure these.
Mercifully, there are WordPress plugins for such noobs and they can secure their WordPress websites without doing anything technical on their part. There are many WordPress security plugins but personally i like tow of these and they have always stood by my side and my websites have never been hacked since i started using these WordPress security plugins.
The first plugin that I use myself and would also recommend for every beginner is Wordfence Security. By using this plugin, you can set the basic security parameters automatically and Wordfence starts protecting your WordPress website. It is unique in a way that it keeps data of other Wordfence Security installs and offending IP addresses and automatically blocks these even before these attack your website. There is a premium version of the plugin too but for most purpose the free Wordfence security plugin is enough.
Another WordPress plugin that I recommend is WordPress Firewall 2. This is the best plugin that removes any offending parameters when tried in the URL. Most kiddi scripting hackers try to use SQL injection to hack WordPress websites. WordPress Firewall actively addresses this threat and blocks any offending URLs being tried on your website.
With these two WordPress security plugins you can secure your website in under 5 minutes and have peace of mind that you are secure against more than 90 percent threats. However, always keep your WordPress, themes and plugins uptodate to guard against any inherent vulnerabilities in these old versions. And your web host should also be regularly updating the server by patching it for security issues.