I have been a victim of website hacking on because of my previous hosting, so it doesn’t matter how you secure your site if your hosting isn’t secure, you’d still get hacked. That’s the first thing you have to see to it.
Then the basic thing I do for most of my sites is to install SSL + CloudFlare + reCaptcha v3 (for spams).
For advanced security, WordFence Or Sucuri based on my experience. I only use them for enterprise clients.
Other habits,
Monthly updates and backups (adjust timing accordingly)
Rewrite common URLs
Don’t use admin as user
Rewrite theme names (use wp hide – vulnerabilities of wp, themes and plugins are constantly targeted)
aldinlapinig
I have been a victim of website hacking on because of my previous hosting, so it doesn’t matter how you secure your site if your hosting isn’t secure, you’d still get hacked. That’s the first thing you have to see to it.
Then the basic thing I do for most of my sites is to install SSL + CloudFlare + reCaptcha v3 (for spams).
For advanced security, WordFence Or Sucuri based on my experience. I only use them for enterprise clients.
Other habits,
Hope that helps.