If you don’t know much about programming start by installing a security plug like Wordfence.
Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
Your site is already protected because WordPress is secure.
Additional protection can be read here: http://www.codex.wordpress.org/Hardening_WordPress
I use Wordfence and Sucuri plugins (hardening to stop access to PHP) and always check my site with https://sitecheck.sucuri.net/
Keep everything up to date (plugins, core files & themes) make regular backups and cross your fingers for luck.
Hard thing to do if they target you.
I also check the site regularly for defacing (words & images you did not create), creation of new PHP files you did not make, creation of html (mainly shopping) pages you did not create, check users and see if anybody created one without your knowledge and watch your visitor stats. If the are abnormally high and it is not translating to increased customers something (monkey business) is going on.