My security knowledge of WordPress is not that deep, but I believe this might help you a bit:
– First find the vulnerabilities, once you know which one exists, research and find out how to fix it specifically.
To find:
– The WordFence Plugin is very good for this.
– https://forum.fsocietybrasil.org/topic/992-wordpress-scan-vulnerabilities-and-malwares/ Here is a list of sites to scan the failing of your wp
– https://sitecheck.sucuri.net Here you can scan if there is a virus on your site (often plugins bring viruses)
Look for ebooks on the internet, I only have Portuguese, I do not think they will help you much the ones I have
– Firefox’s noscript Addon makes an excellent scan as well.