I work with Wordpress since years and I use to protect my client websites with iTheme Security + Wordfence keeping core and plugins always updated and using only Themes or Plugin from secure markets.

For example with the Live Traffic tool in the Wordfence plugin I see every minutes bot or humans trying to visit random pages and files in the websites.

I change the wp-admin name to make it more secure but anyway bots or hackers trying to login without success...

Do you have any suggestion?

How can I protect my websites better than this?

Any suggestion about how to change the folders permissions?

Thanks in advice.