WordPress Website Security Protection:- Firewall Security, Login Security, Database Security & Code Security.

Firewall Security:-

use All In One WP Security & Firewall plugin
use Simple Security Firewall Plugin

User Security :-

Use a Unique, Secure Username & Password.
Use Two-factor Authentication
Verify the User with reCAPTCHA
Password Protecting wp-login.php
Delete the username “admin”
Limit Login Attempts

Code Security :-

Keep WordPress Updated - wp-config.php ( define( 'WP_AUTO_UPDATE_CORE', true ); )
Choose Your Theme and Plugins are actively maintained and regularly updated
Developing Themes and Plugins

Hosting Security:-

Use Managed Hosting & File and Folder Permissions

Server Side make:-

Disallow server-side file editing within WordPress, by adding define('DISALLOW_FILE_EDIT', true); to your wp-config.php file

BulletProof Security Setup & Overview

https://www.youtube.com/watch?v=8NNc6ycWbhw

All In One WordPress Security and Firewall Plugin Overview

https://www.youtube.com/watch?v=CJvCTlVtazA

WordPress Simple Firewall Introduction

https://www.youtube.com/watch?v=r307fu3Eqbo

Source: YouTube

Note :- Protect your WordPress Admin with single IP

order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx // Your IP Address