Most WordPress security advice focuses on what you do inside WordPress: update plugins, use strong passwords, install a security plugin. That advice is correct but incomplete. A significant portion of WordPress security is determined by your hosting infrastructure — the layer below WordPress that no plugin can touch. Understanding that layer
