How to secure a WordPress site?
Keep WordPress core, all plugins, and themes updated to the latest versions. Use strong, unique passwords and enable two-factor authentication for all admin accounts. Install a security plugin that provides firewall, malware scanning, and login protection. Disable XML-RPC if not needed. Restrict the REST API to authenticated users. Change the default wp-admin URL. Set proper file permissions (644 for files, 755 for directories). Add security headers through your hosting configuration or a plugin. Remove unused themes and plugins. Configure regular backups. UNPWNED identifies the specific vulnerabilities in your WordPress site and provides prioritized fix instructions.
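
The file-permission item above (644 for files, 755 for directories) can be checked with a short script. This is an added example, not UNPWNED's code or part of the original page; the function names `report` and `audit_wp_perms` are hypothetical, and it assumes that modes stricter than the baseline (for example 600 on wp-config.php) are acceptable.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 644 (files) /
# 755 (directories) baseline. Assumption of this example: modes stricter
# than the baseline (such as 600 on wp-config.php) are acceptable, so only
# permission bits beyond 644/755 are reported.

# report KIND: read paths on stdin, print "KIND <symbolic mode> <path>".
# Paths containing newlines are not handled.
report() {
    while IFS= read -r p; do
        printf '%s %s %s\n' "$1" "$(ls -ld "$p" | cut -c1-10)" "$p"
    done
}

# audit_wp_perms ROOT
# Returns 0 if nothing exceeds the baseline, 1 if deviations were printed,
# 2 if ROOT is not a directory.
# Files: any execute bit, or group/other write, exceeds 644.
# Directories: group or other write exceeds 755.
audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    findings=$(
        find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
            -o -perm -020 -o -perm -002 \) -print | report FILE
        find "$root" -type d \( -perm -020 -o -perm -002 \) -print | report DIR
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```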
Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.