Securing your website is not a onetime task...you need to give your continued attention to make things secure. There are various factors that can affect website security
1. Application level security. This includes closing down all security holes, put measures against known kind attacks, audit the application periodically and, protect from brute-force attempts, patch your application for known vulnerabilities and updates
2. Application Server / Web Server security :- There are certain security measures that you can enforce from service level. We can count layers like WAF, Request filters, etc in this level. Also there are certain server settings that you need to take care to avoid possible attacks
3. Firewall or Proxy :- This you can include in above server itself or use a separate server to hide your actual web server. Having a dedicated WAF can defend good levels of attacks.
4. Operating System and Permissions:- make sure your OS is tweaked for best security and file permissions are properly set to avoid exploiting your file system.
All above points are broad and depend on the type of your hosting. So consult a good agency for advice for your specific server/environment.
If you using Control Panel like cPanel, i suggest use some Security Plugins like cPGuard or imunify360. If not wanna use Security Plugins, then suggest hardening server and use Web Application Firewall with ModSecurity rules.
Also make sure you keep always software up to date.
There is also free malware scanners, like Maldet, ClamAV and use with them additional malware rules.