WordPress develops CMS actively with a big team of developers and a large community. Errors are corrected quickly, security patches are released regularly. This makes CMS WordPress trustworthy; however, we recommend you to install addition plugin called Limit Login Attempts Reloaded which prevents a search of access details in the dashboard of your website. Once plugin setting is activated, they appear in the dashboard
Settings > Limit Login Attempts.
Your hosting should use PHP of 7 or greater version. This is specified in system requirements of WordPress. The matter is that older versions of PHP won't be supported anymore, and this may lead to security threats.