Hello, I have recently had spam URLs inserted into the php files on my WordPress site - all wordpress and plugins are up to date, and all passwords have been changed and the content has been clean. The hosting company says the server has not been compromised. Bearing in mind these details, I'd like advice on how to make the site more secure, but balancing the cost with the risk. If chosen, I would have the developer implement the suggestions they make.
Security is not a single day job, so I will need time to work with you.
You will need login plugins and IP banning things and also your servers PHP file will be needed to be revised.
Let me know