How to Protect Your WordPress Website Easily
- Have strong password.
- Don't use user named "admin" with full rights or don't use user with name that is available public and have full righs.
- Update WP and plugins regularly (that's one of the most important thing for security).
- Don't install too many plugins (especially from unknown sources / authors). They could have security issues.
That's general best practices - if you will follow them then the risk is very low.
If you still need additional security then perhaps you can also try using external popular plugins from trusted authors like this: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ or this https://wordpress.org/plugins/sucuri-scanner/, but again following the 4 steps we mentioned above is the crucial base.