Nowdays wordpress sites are getting targated due to weak security. To secure wordpress sites, the website owener should follow below security steps :-
1) Do not install pirated themes and plugins.
2) Always Update wordpress version time to time.
3) Always update plugins/themes wordpress time to time.
4) Always use strong password for wordpress admin dashboatd.
5) Always install google captcha plugin for wordpress admin panel and new user registration.
6) Always hide wp-admin directory by installing WPS Hide Login plugin.
7) Add Basic HTTP Authentication (htpasswd protection) for wordpress admin dir from cpanel >> password protect.
8) Always delete unwanted thems/plugins.