A security tip never hurts, especially when, obvious as such tips may be, they remind us that we sometimes rest on our laurels when everything is working well …
WPThemesPlugin has published some very useful tips for avoiding a hack, which we can add to all those we have been publishing to date. We add these four:
Have the latest version of the software.
This should apply to both WordPress and plugins.
Luckily, the plugins panel now warns us when we have an outdated one …
… and offers us the download link.
Disable and remove what we do not use.
It would be unfortunate for a blog to be hacked through a plugin that is not even in use, but it happens.
The rule assumes that the more software we have installed, the more likely we are to be vulnerable to an attack.
So the best thing we can do in this case is to uninstall any plugin we do not use. While we are at it, we can take the opportunity to clean up the blog by removing those themes we once uploaded "to try", and finally delete those posts that have been drafts forever, so that something like the vulnerability known in 2.3.2 does not happen again …
Only download and use trusted code.
Download WordPress from the official site, and plugins from the site of its creators.
Why should I pay attention to this advice?
Because, being open source, anyone with programming skills can insert their own code and redistribute it. After that, most unsuspecting mortals who do not follow this advice can end up using a plugin, or the CMS itself, without realizing that it has a Trojan-sized backdoor.
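An added example, not part of the original post: one way to check a copy of a plugin obtained from somewhere other than its creator's site against the official release, by hashing every file in both trees and listing what was added, removed or changed. The plugin name, file names and file contents are constructed for the demonstration, and the function names are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_to_official(official_dir, candidate_dir):
    """Report how a candidate copy differs from the officially published copy."""
    official, candidate = tree_hashes(official_dir), tree_hashes(candidate_dir)
    shared = official.keys() & candidate.keys()
    return {
        "added": sorted(candidate.keys() - official.keys()),    # files only in the candidate
        "missing": sorted(official.keys() - candidate.keys()),  # files dropped from it
        "modified": sorted(f for f in shared if official[f] != candidate[f]),
    }

def write_tree(root, files):
    """Write a {relative path: text} mapping to disk under root."""
    for name, body in files.items():
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

def demo():
    # Constructed sample: a made-up plugin as published by its author ...
    official = {
        "example-plugin.php": "<?php\n/* Plugin Name: Example Plugin */\n",
        "inc/helpers.php": "<?php\nfunction example_helper() { return 1; }\n",
        "readme.txt": "Example Plugin\n",
    }
    # ... and a redistributed copy with one file altered and one file added.
    repacked = dict(official)
    repacked["inc/helpers.php"] += "// line that is not in the official copy\n"
    repacked["inc/cache.php"] = "<?php // file that is not in the official copy\n"
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp) / "official", official)
        write_tree(Path(tmp) / "repacked", repacked)
        return compare_to_official(Path(tmp) / "official", Path(tmp) / "repacked")

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Any entry under "added" or "modified" means the copy is not what its creator published and should not be installed until the difference is explained.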