Totally hide the fact that you are using WordPress
Nobody can figure out that you are using WordPress. The Hide WordPress module can hide your original file structure, meta tags, WordPress specific classes and ids, login and admin URL, and so on…
Enable a well-configurable, secure firewall
You can set up a firewall which filters malicious requests (SQL injections, XSS attempts, malicious file uploads) in every commonly used user-defined values (GET or POST requests and in cookies).
The Firewall module blocks the attempts, and it can send automatic e-mail notifications to you. You can also review the security logs, and block IP addresses.
You can set up a login IP-filter, so even if a malicious user steals your passwords, they won’t able to log in.
Run scheduled code scans
The Code Scanner module checks the basic setups which can be vulnerable, and checks all of your files. The scanner is able to find malicious code snippets and the most common shells as well.
You can put these files in quarantine, or add to whitelist (in case of false positive alert).
There is an option to run scheduled WordPress Code Scanner, which can send an e-mail report about the scan and automatically put suspicious files in quarantine.