Step 1 - It's always best practice to change your username from the default "Admin" to something more unique and harder to guess, such as "cmssitename". This makes brute-force attacks harder.
Step 2 - Pick a strong password that is at least 10 characters long with a mix of numbers, letters and special characters. I suggest using a platform such as LastPass to generate and store your login details. It's also important to make the password details unique for your MySQL, FTP and web hosting accounts, just in case someone manages to guess them, such as "CmSP@$$W0rd". Also consider changing the password once in a while, and certainly change it once external parties such as contractors, employees or web developers who were given access finish any projects on your site.
Step 3 - Use services like CloudFlare, Incapsula or
Step 4 - Make sure your WordPress install is updated regularly to the latest version to reduce the number of known vulnerabilities. The new versions offer a single-click upgrade on most hosting platforms. You might want to confirm the update will not break your theme or cause problems with plugin functionality. This usually only matters if you are making a large jump in versions or have a highly customised WordPress site. Speak with your web hosting support staff or your web developer if you are unsure.
Step 5 - It's very important to make sure your plugins are also updated regularly. If you manage multiple sites, consider using a platform like ManageWP, which can make updating a number of WordPress plugins and themes scalable. Most people won't need the advanced functionality for a single website, but it does offer a number of wonderful features, such as reliable backups and monitoring of your website for malware and viruses through Sucuri.net integration.
Step 6 - It's a good idea to pick a decent web hosting company. I have a strong preference for Australian-based StudioCoast, as they seem to balance great services, good prices and excellent tech support. I've found that even the best hosting companies get hacked, but having your site on cheaper hosting services can make it more prone to "issues", so consider upgrading to a VPS or dedicated server, which will reduce the chances of issues, and they can be resolved far quicker than if you have shared or cloud hosting.
Step 7 - It's important to keep your WordPress platform neat and tidy. Deactivate and uninstall any old plugins you are no longer using, as there is no benefit in clogging up your CMS with old files. Removing all the unnecessary files will also save you bandwidth when you are backing up your site, and memory on your server.
Step 8 - It's important to monitor your website using a platform such as Jummple Security, Pingdom or Uptime Robot, as they will often be the first to flag a major problem with your website.
Step 9 - Lock down your WordPress with security plugins like Better WP Security, BulletProof Security or WP Security Scan. These also help fix a number of common vulnerabilities and make it harder for hackers to ruin your day. They can be a bit more complex to set up, and not all features are available on all servers, so consider looking on YouTube, where there are several great guides, or hire a WordPress expert to help you out!
Step 10 - Back up your database regularly just in case the worst happens. There are plugins like WordFence that allow you to verify and repair your WordPress install. You will find that many web hosting companies offer this service for free or for a small additional monthly fee.
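
A read-only audit for Steps 1, 5 and 7, as an added example that is not part of the original post. It assumes WP-CLI is installed as `wp`; the function names and finding labels are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: read-only WordPress audit built on WP-CLI (assumed to be
# installed as `wp`). Function names and finding labels are hypothetical.
# Usage: source this file, then run: wp_audit /path/to/wordpress

# Step 1: print administrator accounts still using the default "admin" login
# (matched case-insensitively, whole line only).
wp_default_admins() {
    wp --path="$1" user list --role=administrator --field=user_login \
        | grep -ix 'admin' || true
}

# Step 5: print plugins that have an update waiting.
wp_outdated_plugins() {
    wp --path="$1" plugin list --update=available --field=name
}

# Step 7: print plugins that are installed but not active.
wp_inactive_plugins() {
    wp --path="$1" plugin list --status=inactive --field=name
}

# Run every check against one install. Prints one labelled finding per line
# and returns 1 if anything was found, so it can gate a cron job or CI step.
wp_audit() {
    findings=$(
        wp_default_admins "$1"   | sed 's/^/default-admin-login: /'
        wp_outdated_plugins "$1" | sed 's/^/plugin-update-pending: /'
        wp_inactive_plugins "$1" | sed 's/^/inactive-plugin: /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "no findings"
}
```

The script only lists findings; renaming the account, updating and uninstalling are left as deliberate manual actions.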