Update WordPress, your themes and plugins.
Change username from Admin to something else.
Use a strong password.
Delete the wp-config-sample.php from your root folder along with the readme and any unnecessary files. I deleted the readme.txt and the license info text file.
Keep a minimum of themes and just the plugins that you use.
Turn off Settings -> General: Membership “Anyone can register” IF you do not plan on having people register on the site.
Regularly backup your site.
Implement SSL certificates (Talk to your web host).
Hide the WP-Admin login page.
Use a WordPress security plugin.
Use a secure browser which protects your privacy. For instance Brave.com
Another security tutorial that I have is: A short overview of WordPress Security plugins.