Running a CMS on any website can be cumbersome, constantly checking for updates, manually updating and securing the configuration, if it’s not secure-by-default. A big help is the auto-updating feature of WordPress and the plugins helping administering this. Also the security plugins, minimizing bot attacks and evil doers is also comforting and needed in a hostile environment, such as the internet.
Disabling comments and creation of users is recommended, if not needed. Exploits has been seen that elevates privileges.
So my recommendation is to follow these steps as a bare minimum:
Plugins to install and configure:
UpdraftPlus(if you need backup, due to your host providers lack thereof)
Use WPScan and Nikto2 from a kali VM, regularly, to test your website for vulnerabilites, misconfiguration, etc. Follow the recommendations and secure your website as much as you feel adequate. removing obvious readme files, using .htaccess, etc.