Simple way, do not add content when logged in as admin user but only as author. If you want to go to somewhat extreme, remove the posting capabilities from the admin. Not sure where that will leave you with editing slugs so a proper check of permission will be needed.
This answers your question as author user are not allowed to add scripts and iframes into content, but….. if the computer of the person with the admin permissions is not secure, then you are doomed whatever you do as the hacker can use the login to give himself whatever permissions he likes, even just do DB level changes without even going via the WP APIS.