Install the Security Kit Module
With web applications there are certain attacks you are guaranteed to encounter. The Security Kit module will harden your site by simply installing it:
composer require drupal/seckit
Look through and study each option, but at the least the defaults will give you some additional security.