Not being at all techie, I look for the easiest solutions.
The first step is to Change the Wordress Username.
All new Wordpress installations automatically have 'Admin' as the username, and the hackers know this.
After that, I've found a couple of plugins which have worked beautifully for me (even finding malicious code 18 months old, on a domain which had been deinstalled completely.
Both the FREE plugins are:
- Wordfence Security, and:
Better WP Security
I actually use both together, because there are slight differences in them, and they don't clash with each other.
I can highly recommend either, or both of these plugins, which are ideal for a technophobe like me.
Do you have any you consider are better?