There are different types of security attacks. Here is a very brief explanation of some of the most common ones. Hopefully, this will help to clarify why security is an ongoing and evolving issue and not something that can ever be 100 percent solved out-of-the-box.
These are often overlooked. Make sure your passwords are impossible to guess; use number sequences that are memorizable to you but unimaginable and meaningless to everyone else. Combine number sequences with a variety of upper and lower case letters. Don't share your passwords with anyone. This applies to anyone who has access to your shop or hosting account.
This is when an attacker uses software to repeatedly attempt to gain access to or discover a password by guessing. Clearly, the simplest defense against this is a secure password. A good password is one with upper and lower case characters, apparently random numbers, and words that are not names or can be found in the dictionary...