Keep Updating the WordPress as and when asked
All new versions of WordPress has patches to the deficiencies of the previous version and hence it is advised to update the WordPress as and when it is recommended. By updating the WordPress you can address some of the potential or real vulnerabilities. Most of the hackers tend to understand the loop of the old versions of the WordPress and get a way to hack the sites using the old version through that loop. So the bottom line is to keep the WordPress updated, always!
Revoke the access to your Plug-ins and other directories
Many a times the blogger do not keep their WordPress plug-ins directory secured and chances of having the vulnerabilities are very high. When you visit www.your-domain.com/wp-content/plugins/ from any browser, it shows all the Plug-ins that are being used. These are the ways for the hackers to enter into your site and cause damage. It is advised to use a .htaccess file or even to upload a index.html blank file to that directory in order to revoke the access to these directories.
Always be aware of the uploads that you make to your blog
Whenever you upload anything say a theme, a plug-in, or even a normal script to your blog you need to be very careful as this can damage your site if it is designed to do so. Upload only the authentic content on your site and never download the plug-ins or themes from torrent or any such file sharing sites. The content on such websites and portals can be disguised in the form of theme or plug-in and can cause severe damage to your site when uploaded to your server. Hence Always be extra-careful while uploading anything to your blog.
Keep your username hidden from the author archive URL
A way through which a hacker can attempt to gain the access to your username is through the archive pages on your site. WordPress by default shows the username in the URL of your author archive page. Hence it is advised to keep the username hidden from the author archive URL.
Always have a backup
Many people do not emphasis on the backups until they get harmed once. You never know what can harm your website at what point of time regardless the best security measures, and hence keeping a backup is a safe option. You can easily restore your entire site in a very short span if you have the backup ready.
To Summarize, one should hire a WordPress Development Company which understands the security aspects of the website and can adhere to furnish the points mentioned above, before delivering the final website.