The weakest part of any WordPress website is nearly always your password.
I manage quite a few websites and I am seeing daily attempts by users to hack into those websites. If anyone is able to guess or retrieve your password then they will have access to your website where they may delete or deface it.
By default, WordPress allows unlimited login attempts which can allow brute-force hacking of your website. The sites I design all use a method for limiting login attempts. When someone attempts to gain administrative access they are allowed 3 attempts to get the password correct after which they are blocked for a considerable length of time. Their IP address is also recorded and can be blocked permanently within the website hosting account.
The use of a strong and unique password is the most important things you can do to prevent successful attacks on your website. I know, passwords are a nuisance, we often have quite a few and they can be difficult to remember but a strong password is now essential in this world we live so make sure your password is strong enough to prevent hacking of your website.
If you cannot think of a strong password then I suggest that you use one of a number of strong password generators that are available such as this one or this one. There are many more, find the one you like and generate your strong and random passwords there. Copy the password into a document or write it down so you don’t forget it.