1. update your WordPress core, plugins, and themes regularly.
2. Don’t give access to your WordPress admin to anyone else.
3. Always use strong and difficult passwords for your website.
4. Always backup your data.
5. Always use the best security plugins.
6. Use a web application firewall.
7. Encrypt data using SSL certificates.
8. Change default admin username
9. Restrict the number of login attempts.
9. Use 2FA.
10. If your website is hacked, you can consult with managed WordPress website malware removal services like SecureLayer7 .net.