In my view, the best way to make sure your WordPress security is via the use of a fix hacked wordpress site backup plugin. This is a fairly inexpensive, easy and elegant to use way to make sure your site is available to you in case of a disaster.
Don't make the mistake of thinking that your hosting company will have your back so far as WordPress backups go. Not always. It find here has been my experience that the hosting company may or may not be doing backups while they say they do. Why take that kind of chance?
There is a section of config-sample.php that's headed"Authentication Unique Keys." There are. A hyperlink is inside that part of code. You need to enter that link into your browser, copy the contents which you return, and replace the keys you have with the unique, pseudo-random keys offered by the website. This makes it harder for attackers to automatically create a"logged-in" cookie for your site.
Install the WordPress Firewall Plugin. Prevent and this plugin investigates web requests to recognize attacks.
There are always going to be risks being online (or even just being alive!) And it's this post easy to get caught up in the panic. We often put the breaks on, As soon as we get caught up in the panic. This isn't a reaction. Take some common sense precautions, then forge ahead. It will need to be addressed then, if something bad does happen and no amount of quaking in your will have helped. If nothing does, all is good and you have not made yourself ill with worry.