My first step is but it helped me. I had a fantastic old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And I did before I started my website, what I should have done. And here is where I would like you to start as well. Learn hacked. The attractive thing about secure your wordpress website and why so many people recommend it is because it is really easy to learn. That can be a detriment to the health of our websites. We have to learn how to add a safety fence.
If you're among the ones that check out here are proactive, I might find it a little harder to crack your password. But if you're one of those responsive ones, I might just get you.
Exclude pages - This plugin provides a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page won't appear in any listings useful content of webpages (which contains, and is ordinarily restricted to, your page navigation menus).
Safety plug-ins that were all-Rounder can be considered as a security checker that was complete. They scan and check the site and provide you with information about the weaknesses of the site.
Those are three very simple things you can do to keep WordPress secure without plugins. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.