Believe it or not, attacks mostly happen because of inadequate usernames and password.
In our experience, using complex usernames and even more complex passwords allows you a high level of security.
Also, we have a limited set of plugins we use for our WordPress installations, which minimizes security threats.
You could opt for WordPress antivirus or security plugins, but remember, the more plugins you add, the more overhead you add, and the more security holes you offer bad actors.
Just to be sure, we keep backups of your website.
In the unlikely event of a security breach, you can opt for a rollback.