1.Install Security plugins
We can use Wordfence Security plugin that will scan your site and report all security issues ,we need to take actions to fix it
Wordfence Security – Firewall & Malware Scan
2.Back up your site
If you’re not backing up your website yet, you need to start right away. A backup system will help you restore your site if the worst happens and your site ends up being hacked.
Use a plugin like BackUpWordPress to create a regular backup schedule for your website and don’t forget to store the backup files offsite to ensure those files don’t end up infected as well.
BackUpWordPress
3. Build Strong Admin Area
When it comes to hardening the admin area, you’ll need to change the default admin URL and limit the number of failed login attempts before a user is locked out of your site.
By default, the admin URL for your website will look like this: yourdomain.com/wp-admin. Hackers know this and will attempt to access this URL directly so they can gain access to your site.
While you’re at it, make sure to regularly go through your installed plugins and deactivate and delete the plugins you’re not using anymore.
5. Always use Strong user name and password
Weak username and password can easy to hack , You can generate strong passwords here https://passwordsgenerator.net/ if needed