Unfortunately not everyone on the web is helpful, getting into people websites without permission (hacking) is done for a variety of reasons ranging from simple defacing to professional criminals looking to collect personal details.
Your first line of defence is having strong, complex passwords on the user accounts you use to login to your WordPress site. No amount of security will be worth anything if your password is easily guessed. There are password ‘guessers’ that can be used to test millions of common passwords against a website.
Use the highest quality hosting you can afford for your website. The lower priced hosting companies often run their servers (where your website files live) with reduced security as it reduces support queries to them. Reputable hosting companies run at higher security levels and offer excellent support.
Plugins and Themes
Only use Plugins and Themes from reputable sources. Remove any inactive Plugins and Themes – even if not active they can still pose security threats. The quality and attention to security varies greatly amongst Plugins and Themes, some have even been used to introduce backdoors into websites.