If your business model is based on your blog, it is advisable that you take all precautions. If it disappears, your project disappears with it. I remember the day they hacked my website. I wanted to die. Since then, I have hired an antivirus. It is not especially cheap, more than 200 euros a year, but I sleep more calmly.

securityUpdates . Always keep WordPress updated and all the plugins.
Install an anti-virus . I recommend Sucuri. The day your website redirects to an online store for adult products, you will understand the importance of antivirus.
Bet on a quality hosting , offering a good customer service and make backup copies on a daily basis.
Change the password frequently. How long have you not modified the password? Do not you remember? Then it’s time to change it. My advice is to contain numbers, letters and special characters.
It correctly manages the users who have access. Do not name all those who have access administrators. Depending on their functions you can name them administrators, editors, authors or collaborators.
Backup of the database. If your hosting does not periodically back up your database, it is convenient to install a good plugin.
Eliminate plugins that no longer contribute anything. Check what plugings you have installed. Those that do not provide any functionality, delete them.
Do not use as user “admin” . If this is your case. Create another user with a different user and transfer all the articles and pages to them, and then delete those users.