My first step is but I was helped by it. I had a good old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And then I did before I even started my site, what I should have done. And here is where I would like you to start also. Learn hacked. The attractive thing about secure your wordpress website and why so many of us recommend because it is easy to learn, it is. Unfortunately, that can be a detriment to the health of our sites. We have to learn how to put in a safety fence around our website.
Use strong passwords - Do what you can to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it if it cannot be found in the root directory. Additionally, nobody will have Check This Out the ability to read the file unless they've SSH or FTP access to your server.
Security plug-ins can be considered as a her latest blog security checker that was full. They provide you with information concerning the possible weaknesses of the website and scan and check the site.
Of course it's possible to set up more plugins to make your shop more user friendly like backup plugin or share buttons. That's all. Your shop is now up and running!