Install the Security Kit Module

With web applications there are certain attacks you are guaranteed to encounter.  The Security Kit module will harden your site by simply installing it:

composer require drupal/seckit

Look through and study each option, but at the least the defaults will give you some additional security.