To follow up on my previous post regarding the use of passphrases over passwords, I think it is also worth mentioning that an excellent way to improve security is to combine passphrases with the use of two factor authentication. Also known as 2FA.
Two factor authentication is effectively a code sent to your phone via SMS or email, or via authenticator apps which are particularly useful as you aren’t relying on SMS messages containing codes to be sent to you all the time. You then enter the code when prompted.
What this realistically means is that anyone trying to gain access to your account through nefarious means would also require this second code, as well as your password or passphrase. Therefore your security is significantly improved using this approach.
Two factor authentication can also be used on WordPress websites with a little help from plugins like Wordfence or WPMUDEV’s Defender.
I would whole heartedly recommend trying to use 2FA wherever possible, even if it is another step, as it’s providing great benefits to your online security.