Update and upgrade your WordPress plugins, themes and other vital functionalities as hackers often attack the outdated versions.
Adding a security feature or WordPress plugin that limits the login attempts can help to prevent sudden attacks as hackers try various combinations of passwords.
Two factor Authentication is vital as it adds extra security beyond your passwords. You can also add other code to authenticate your website.
Always be alert and keep monitoring your activity logs so as to rectify any suspicious behavior or illegal modifications of file.
wp-config PHP file includes sensitive data like credentials so it's vital to protect it from harmful attacks. You can move to high directory and set the security.