Two Factor Authentication (2FA) is the best method of securing an online account. I personally recommend enabling this option for any online login you use if they make that option available. Enabling 2FA requires that an application is installed to your smart phone or tablet and to use it in order to complete your login to the account you enable it for. The result is that your account is virtually impenetrable – even if your username and password are known – by anyone other than the person who also has access to your device.
2FA is available for the cPanel login (the server administrative area). Any 2FA Application available on whichever app store your device uses should work for this. cPanel provides a QR code to scan with your device using your selected application that will link that application to your login. From that point on, a temporary six digit code which you’ll find in your app any time you run it will be required in addition to your usual cPanel username and password.
For WordPress, I’ve installed the Clef plugin. You need the Clef application to use your device for 2FA. It is free, and they make one for Apple and Android devices (there may be others, but that’s all I can think of right now). When you use Clef to login, it logs you in through the Clef services, which gives us a bit more functionality: your username and password for WordPress is no longer needed, and is – in fact – disabled. Also, if you’ve logged in using Clef on any Clef installation, you’re simultaneously logged into any site where you’ve set up Clef. You have to use your camera on the wavy line animation at least once on every Clef install you want to be linked to, but once you’ve finished that step once, your phone/tablet is set up. You can also log yourself out of any site you logged into using your Clef application. You may need to click a link sent to your e-mail address in order to tie a Clef installation to your login for your site, let me know if you’re interested in enabling this feature for your account and I’ll have a Clef invite sent your way. Once you’ve completed the step, you’ll need to click the “Log in with your phone” button that appears under the username/password form at the WordPress login screen, and hold your device’s camera over the animated lines on the screen so that they approximately line up with the animated overlay displaying on your device’s screen. In about a second, the screen will refresh and you’ll be logged in. If I’m hosting more than one of your sites, you’ll be logged into the other one at the same time. When you log into that one, you still have to click the “log in with your phone” button, but you don’t have to line up the animation again, just clicking the button logs you in.