Steps one should take to secure their website

Trisha
2 min read · Jun 26, 2022

Update: I recently interviewed at Google for the Technical Solutions Engineering position and this question was asked as it is.

1) Choose a secure host:

Attackers probe hosting servers for vulnerabilities. Cheap hosting sites do not invest in the best security, so shared hosting can be a point of weakness. If one site on the shared resource is infected with malware, it could end up infecting all the sites in its vicinity, leaving them full of SEO spam and viruses.

2) Enable two-factor authentication:

Even if an attacker has your login credentials, they cannot log in to the application without the second factor.

3) Prevent third-party traffic from using your server: disable xmlrpc.php

4) Disable the REST API for general use.

5) Enable a web application firewall: block access from known culprits, filter incoming traffic, and block IPs that are known for DDoS attacks.

6) Prevent brute-force attacks: set up an activity log and keep an eye on unauthorized login attempts. Change the login page URL, password-protect the login page, use secure passwords, limit login attempts, and maintain an IP blacklist/whitelist.

7) Use secure connections: HTTPS, SSH, SFTP

8) Update your website often

9) Better safe than sorry: have a plan in case of a DDoS attack, and back up often

Example plugins: Wordfence
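
Step 6's activity log and login-attempt limit can be checked directly against a web server access log. The script below is an added example, not part of the original post: it assumes combined-format access log lines and the default WordPress login paths /wp-login.php and /xmlrpc.php, and the function name, thresholds and sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Default WordPress login endpoints (assumption; adjust if the login URL was changed).
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)

def find_brute_force(lines, max_attempts=5, window=timedelta(minutes=1), allowlist=()):
    """Return {ip: time the limit was first exceeded} for bursts of login POSTs."""
    recent = defaultdict(deque)  # ip -> timestamps of attempts still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path not in LOGIN_PATHS or m["ip"] in allowlist:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[m["ip"]]
        attempts.append(ts)
        while ts - attempts[0] > window:  # drop attempts older than the window
            attempts.popleft()
        if len(attempts) > max_attempts and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [26/Jun/2022:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 4211'
    for s in range(0, 40, 5)  # eight attempts in 35 seconds
] + [
    '198.51.100.4 - - [26/Jun/2022:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [26/Jun/2022:10:00:09 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120',
    '192.0.2.10 - - [26/Jun/2022:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370',
    '192.0.2.10 - - [26/Jun/2022:10:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370',
]

if __name__ == "__main__":
    for ip, when in find_brute_force(SAMPLE_LOG).items():
        print(f"block candidate: {ip} exceeded the login limit at {when.isoformat()}")
```

Addresses returned by the function are candidates for the blacklist; addresses passed in allowlist are never flagged.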
