The theme and plugins that you install might have vulnerabilities that could be used to seriously harm your website and business. Cross-site scripting attacks are particularly nasty. There are many ways to stop them but most people don’t take action before it is too late. For starters, I do encourage you to keep up with top WordPress security blogs to make sure you catch vulnerable plugins early. These 5 XSS plugins could also help make your website more secure:
Sucuri: Sucuri has been one of our favorite WordPress security services for quite long time. You can install this premium plugin to harden WordPress fast. The CloudProxy service offers you even more protection. Not cheap but worth the money for established businesses.
BulletProof Security: one of the best WordPress security plugins around. It can help protect your website against many types of attacks. You get login security too. Make sure you do your homework before making changes to your .htaccess and site settings with this tool.
SmartFilter Security: a XSS plugin we had the chance to test a couple of months ago. It is designed to protect WordPress sites from malicious code injections in your posts and comments. It is a freemium service.
NinjaFirewall: a web application firewall for your WordPress site. It scans, sanitizes, and rejects malicious requests. It protects scripts inside blog installation directories and sub-directories.
LogPress: this is a useful plugin for those of you who want to keep an eye on login attempts, SQL queries, and errors to identify security holes before they are exploited.
The above plugins protect your website against XSS attacks. You still need to keep an eye on what you install on your server though.