WordPress:

• Keep updated to latest version; plugins, too

• Have an auto backup service

• Run site on an SSL (secure socket layer)

• Enable 2-Factor Authentication on login

• Have Malware Detection and removal service

Non-Wordpress:

• Always have a reliable developer on-hand (not easy to find)

• Have an auto backup service

• Backup database copy to an independent resource (rsync.net)

• Run site on an SSL (secure socket layer)