There are lots of things that can be done to greatly enhance security on your Wordpress site.
We recommend two excellent security plug-ins -
1. All-In-One WP Security and Firewall - This plug-in will assess your current security level and walk you through steps to improve the security of your site. It is extremely simple to use and the measures it will take are very effective. Within about five minutes, your site can be far less likely to ever be hacked. Please remember to run a full backup of your site inside cpanel before allowing the plug-in to make changes ... just in case.
2. Wordfence - This is a security plug-in which has an excellent scanner for scanning your site for malware. If you are recovering from a hack, or simply working to secure your site, it's always smart to scan the entire site for malware. In addition to doing this with ClamAV inside cpanel, we also recommend installing and scanning with this plug-in. It will catch many things which ClamAV may miss.
The thing which is most critical to security is keeping your Wordpress installation along with all themes and plugins always updated. For that we recommend the Automatic Updater plug-in as described the knowledgebase article preceeding this one. That should be your first and foremost step to keeping your installation secure.