1. Make sure that your computer is safe by having an antivirus and a firewall installed.
2. Remove unused themes and plugins.
3. If you ‘re gonna use a file manager, always connect using secure connection like sftp or ssh.
4. Use strong passwords for WordPress admin. A strong password must be at least 12 alphanumerics characters, must contain numbers and punctuation marks. You can use an online password generator. (click here) . The password must be change regularly at least once a month.
5. Change the admin username to something else.
6. Install a firewall plugin.
7. Last but not least, backup regularly and always keep offline backups.
8. Keep WordPress files, themes and plugins updated.

You want to learn more regarding your website safety. Read our article “Best security practices for WordPress website owners“