How to make wordpress website secure ?

To make your wordpress website/blog secure from hackers and spammers you can :

1. Add Captcha in Comments, Login, Register : This will help your website from spammers who add comments and attempt logins using Robert class.
2. Auto backup of WordPress website (2 backup per week) : While creating wordpress website on your hosting do remember to switch on auto backup feature as this will help you to restore your website if hacked by someone.
3. Limit Login Attempt : This is a very good feature wordpress is giving. While creating wordpress website on your hosting you will get a checkbox to enable Limit Login Attempt. With this if someone is trying to login into your website’s admin panel with wrong password then after 5 wrong attempts, it will block that IP for sometime.
4. Make wp-config.php file non-writable: Always change the permission of wp-config.php file, that is available in your hosting File Manager to non writable only readable. By making this permission change you can prevent wp-config.php from getting affected by hackers.
5. Make .htaccess file not-writable: Always change the permission of .htaccess file, that is available in your hosting File Manager to non writable only readable. By making this permission change you can prevent .htaccess from getting affected by hackers.
6. Remove unused Themes and Plugins : We don’t know which theme or plugin is affected by hackers or in which theme they have ejected virus. So its better if we can remove unused themes and plugins from our wordpress panel.
7. Scan Themes and Plugins : There are multiple plugins available for wordpress (some are free and some are paid) that scans all the themes and plugins you have installed for virus ot Encyrpted code (which can be virus).
8. Strong Admin Panel Id Password :  Use strong Admin Id and password. Generally users user Id password as Admin/Admin which is very easy for hackers to guess. So its better to use strong user id and strong password.
9. Monitor website time to time : Always monitor your website’s status and website’s login attempts as this will help you to know about any unauthorized access.
10. Comments Approval : In your wordpress website never allow user to add comments without approval because that comment can have code or a virus that can be ejected in your website. You must change your website’s setting to ask for comment approval by admin before it is visible on website.