Hi, I think that when it comes to improving site security on Drupal, it's important to follow best practices. I would follow the advice of experienced developers, among which I can highlight the AnyforSoft team. I found a great informative post on their site about
drupal security best practices , where they talk about keeping Drupal core and modules up to date, implementing a strong password policy, setting up proper permissions, and more. The practices they describe will help protect your web projects and provide a higher level of security for Drupal-based sites.