Hacker News
by mjankowski 3474 days ago
And how do you keep those sites malware and spam free? I have run into problems getting my site hacked (I suspect worms) and I don't even know how it happened or how to protect my site from it happening again.
1 comment

Regarding spam, if you are experiencing DDoS then CloudFlare (or the like) can be used. If you are referring to comment spam on the WordPress blog, there are plugins to mitigate this[1][2].

For brute force login attacks, use reCAPTCHA[3] or TFA[4].

Security by obscurity is not always welcomed, but I tend to change my WordPress login URLs from `/wp-admin` and never use 'admin' or 'root' as a username.

There is nothing you can do about WordPress remote execution bugs or worm attacks. If your version is affected you are going to have a bad time. Just remember to keep your WordPress installation up to date and jail your WordPress files and web processes as a regular user (e.g. www-data) and database credentials as a non-root user.

Regular backups. It is fairly easy to restore a WordPress site from a backup if the site ever is hacked.

I apologize if I didn't answer your question. This is not an easy problem and WordPress is one of the most targeted web platforms out there.

1. https://wordpress.org/plugins/si-captcha-for-wordpress/

2. https://akismet.com/

3. https://wordpress.org/plugins/wp-login-recaptcha/

4. https://wordpress.org/plugins/wpclef
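
A check for the file-ownership and database-user advice in the comment above, as an added example that is not part of the original thread: a POSIX shell audit that flags a `root` DB_USER in wp-config.php, files not owned by the given unprivileged uid, and world-writable paths. The function names, the script name and the world-writable check are assumptions of this example, and it assumes the stock `define( 'DB_USER', '...' );` syntax.

```shell
#!/bin/sh
# Added example: audits a WordPress directory for the setup issues named above.
# Assumption: wp-config.php uses the stock define( 'DB_USER', '...' ); form.

# Print the DB_USER value from ROOT/wp-config.php (nothing if not found).
wp_db_user() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]DB_USER['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-config.php" | head -n 1
}

# wp_audit ROOT UID: print one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if ROOT has no wp-config.php.
wp_audit() {
    wp_root=$1
    wp_uid=$2   # numeric uid of the unprivileged account that should own the files
    if [ ! -f "$wp_root/wp-config.php" ]; then
        echo "ERROR: no wp-config.php under $wp_root"
        return 2
    fi
    wp_findings=$(
        if [ "$(wp_db_user "$wp_root")" = "root" ]; then
            echo "DB_USER: wp-config.php connects to the database as root"
        fi
        # Files outside the expected account's ownership (for example root-owned
        # leftovers from an install done as root) break the single-user jail.
        find "$wp_root" ! -user "$wp_uid" \
            -exec printf 'OWNER: not owned by uid %s: %s\n' "$wp_uid" {} \;
        # Extra check (assumption of this example): world-writable paths can be
        # modified by any local account, not just the web user.
        find "$wp_root" ! -type l -perm -002 \
            -exec printf 'PERMS: world-writable: %s\n' {} \;
    )
    if [ -z "$wp_findings" ]; then
        return 0
    fi
    printf '%s\n' "$wp_findings"
    return 1
}

# Usage (hypothetical script name): sh wp_audit.sh /path/to/wordpress "$(id -u www-data)"
if [ "$#" -eq 2 ]; then
    wp_audit "$1" "$2"
fi
```
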