Hacker attack. How to protect your website? Security!

Hello, Ivan.

I have encountered a security issue with my website. My site has been compromised twice already. The hosting providers helped restore it and explained that there was a hacker attack. In just 20 days, it happened twice. Yesterday the site was working, but today the homepage loads, yet the server does not respond when navigating through sections.

It turned out that this file was present: themes/big/art.php (a message from the host: "delete it, it's a shell"), and the htaccess file was EMPTY!

I have kept this file on my computer just in case; I simply uploaded it via FTP, and the site came back to life.

I think my site is really bothering someone. There are plenty of informational portals in our city, but I'm the only one with customer service features like mine.  How can I secure myself beyond backups, since I update the information on the site daily and in large volumes at once? We have talked about security before in one of the threads; I mentioned that the Ubercart module shows errors on the site and cannot be updated because it was modified for me. At that time, you told me that this would certainly be a weak point... a vulnerability, but there are many such sites, and primarily one needs to secure themselves with backups. Do I need to be significantly obstructing someone for them to discover this weak point, or any other, to destroy the site? But it seems the moment has come, as I wasn't bothered before, and now the recent events are concerning. Thank you in advance for your response!