Wordpress Hardening

Hi WordPressians, I need help with WordPress security.

I have a really simple landing page portfolio website, which I don't log into very often. Today, after almost 5 months, I logged into my WordPress dashboard and was shocked to find 201 blog posts. I was literally stunned.

I installed Bit File Manager but couldn't access the root directory due to a 307 error related to the backend. I then checked the htaccess file from cPanel for any unusual code but found nothing suspicious. I also checked the users in the WordPress dashboard, and there was no one listed except for me. I'm unsure how someone gained access to my dashboard.

The theme and plugins I’m using are:

1. Bricks
2. SEO Framework
3. Site Kit by Google
4. BBQ Firewall
5. LiteSpeed Cache
6. WP Vivid for backups

While writing this post, another blog post was added to my site, seemingly from someone in Brazil.

Note: I'm using a very strong password with 40 characters.