To reduce Internet threat (i.e. being hacked) against your WordPress, you may consider to
- Backup your WordPress (files + database) regularly
- Keep WordPress (core , theme , plugin) are updated
- Use Strong password for admin users
- Use Two Factor Authentication (2FA)
- Use SSL for HTTPS (use free or paid SSL)
- Change default admin username to others
- We enabled ModSecurity Web Application Firewall by default (do NOT disable it)
- Scan the website regularly for malware and vulnerability (3rd party service)
For details, you may refer to https://www.wpbeginner.com/wordpress-security/
WordPress Release: https://wordpress.org/news/category/releases/
