Here are some essential WordPress security guidelines that should be implemented on every WordPress website to protect against hacking attempts:

1. Limit Login Attempts: Protect your WordPress site from brute force attacks by limiting the number of failed login attempts. This prevents hackers from continuously trying to guess your login credentials. Example plugin: Limit Login Attempts Reloaded.

2. Rename Admin URL: Change the default WordPress admin login URL /wp-admin to a custom URL to make it harder for attackers to locate your login page. Example plugin: WPS Hide Login.

3. Change Database Table Prefix: The default wp_ table prefix is predictable and can make your site more vulnerable to SQL injection attacks. Change it to something unique to increase database security. Example blog: Change Table Prefix.

4. Add Security Salts: Security salts enhance session handling by encrypting your cookies, making it harder for hackers to steal login information. Add these to your wp-config.php file for improved security. Example plugin: Salt Shaker.

5. Remove WordPress Version: Hiding the WordPress version from the site’s source code reduces the risk of attackers targeting known vulnerabilities in specific versions. Example plugin: WP Hardening.

6 Add Blank Index.php Files: Prevent directory listing by adding blank index.php files in directories without one, stopping attackers from viewing the files in these directories. This can be done manually or automated with a security plugin.

7. Delete Readme.html and Install.php Files: These files contain information that could help attackers target your site. Deleting them after installation minimizes unnecessary exposure. Plugins like WP Hardening can help automate this task.