Hi,
I am a web designer from Croatia. I believe that being in the same time zone and market (EU), we can communicate and work more easily.
I would do a manual install of your WordPress website. The WP engine would be installed in a obfuscated directory (a name like 'my432project', for example). The URL would point to the root domain, of course. That prevents bots from finding any of your typical WP urls and therefore 90% of brute-force attacks are blocked straight away.
But, a hosting which allows this should be found. Also, in addition to the manual install, I would install the WordFence security plugin. All users/admins would be given non-typical usernames.
These measures combined would provide a high level of security for your website.
Please do message me if my offer interests you.
Best regards,
Luka Maras