It is extremely important to keep your WordPress CMS and all of your themes & plugins updated to their latest versions. Most of the new WordPress updates contain security patches which help keep your site secure. Further information can be found here: https://codex.wordpress.org/Updating_WordPress
The following are some other tips for keeping your Wordpress site secure.
- Don’t use “admin” as your username – Most attackers will assume that your admin username is “admin”. You can easily block a lot of brute-force and other attacks simply by having a different admin username.
- Use strong passwords – Using numbers, symbols and a mix of upper and lower case letters in your password makes it harder for someone to guess your password.
- Ensure your computer is free of viruses and malware – If your computer is infected with virus or malware software an attacker may be able to access your website using your login details. It is very important to have an up-to-date antivirus program and keep the overall security of all computers that access your WordPress site at a high level.
- ONLY download themes and plugins from trusted sources.
- Consider installing one of the Wordpress Security plugins available.
https://wordpress.org/plugins/bulletproof-security
https://wordpress.org/plugins/wordfence
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall