A Few Steps to Secure a WordPress Site
Use a Password Manager
The very first layer of security starts with your password.
You could have the most secure server and WordPress setup ever, but if your password is “qwerty” or some other equally awful password, then all that security is for nothing.
Good passwords need to be lengthy, randomized, and every site and service you use should have it’s own unique password. Do NOT re-use passwords. Ever.
I recommend using KeePass, KeePassXC or Bitwarden.
Then the only the password you need to remember is your master password. Which should be more of a phrase than just a single pass”word”. It should be something you can remember, long, and include upper/lower case, numbers, and special characters.
All other passwords should be generated by your password manager.
Cloudflare Firewall Rules
Cloudflare provides of a number of benefits that many people probably already use such as their Content Delivery Network (CDN), DDoS mitigation, Bot filtering, and caching. All of which is offered for free!