WordPress sometimes gets a bad reputation for security but I believe it’s quite often unfair, and that the real issue is in providing better information for everyone about correct WordPress setup.
Making sure you have the correct file permissions, unique database prefixes, properly generated salt keys (yes that’s a thing), secure and unique usernames and passwords are all absolute essentials.
An excellent way to make a start on these is by choosing a web hosting company that specializes in WordPress hosting, it can be more costly, but it’s worth the investment for your sites security. It’s also likely to be a better for your site to operate on compared to generic hosting and provide some speed benefits specific to WordPress.
There are also several plugins you can reach for when looking to secure WordPress, I like to use Wordfence. It has an excellent firewall, malware scanning, and perhaps most importantly two-factor authentication when logging in.
If you have any questions about securing your WordPress website feel free to get in touch.