WPBeginner, a website for beginner guides to WordPress, has published an updated and comprehensive guide to WordPress security – “The Ultimate WordPress Security Guide – Step by Step (2017)“. Most of the things are well known to seasoned WordPress users – keep things updated, use strong passwords, remove unnecessary plugins, make sure to pick the right hosting, add security enhancing plugins, etc. But it’s a good place to start for people who are not too technical and those who don’t think about security implications of having a publicly accessible website on a daily basis.
There are plenty of questions, answers, simple explanations, and links to other resources in the article. So even if you are an experienced WordPress user, you might find a useful thing or two in there.
You might also want to checkout my earlier blog posts: