Here's how to set up a website with better security.
Check if your web server supports HTTPS. It's best if your website is only available via HTTPS and the Internet connection is always encrypted. This protects the privacy of your users, unfortunately it's not yet supported by all web hosting provider.
You need a web server with TLS and valid certificate.
If many people edit your website, enable the safe mode. Open file
system/config/config.ini and change
You can test safe mode.
If many people edit your website, restrict user accounts. Open file
system/config/user.ini and at the end of the line change the user's home page. Users can only edit pages within their home page.
You can test user restrictions.
Less is more
Check which features are used on your web server. Delete plugins that are no longer needed or make a static website. As a rule of thumb, the fewer software is installed, the less vulnerable the website is for attacks.