If you've had 5 sites hacked, in a short space of time, you're doing something seriously wrong. That may sound harsh, but there is clearly something wrong here. If everyone had the same as you, then no one would be using Wordpress. In years of using wordpress, I've had 1 site hacked, as I installed a plugin that came from a dodgy source.
It is simple to protect Wordpress, and just a few tips to help:
- Always use the latest version, and update it when it says it has updates. Only install it from the genuine source, or softalicious on your server etc.
- Only download plugins from wordpress itself. Don't install from anywhere else.
- Only install ESSENTIAL plugins. The mroe you have, the greater chance of exploits there is. As an example, my site with the most plugins, has 8, the least has 3.
- NEVER have a user called 'Admin' or any word containing admin.
- Make sure that passwords are strong, and conTain CaPiTals and 653 £$)
- Install, configure and learn how to use WordFence, this can block the brute force, fakes and those attempting to access pages that aren't there.
If you do above, and still get hacked, then there should be questions asked about your hosting.