The short answer is Yes. SSL significantly enhances security by encrypting data, and ensures that data sent between your browser and the server is unaltered. If you need visitors to send private information over the web to your site, or vice versa, it is very important to encrypt all your data with SSL.
But I would not say it is the very first thing you should do.
To prevent your site from getting hacked, start with the following:
- Do not use admin as your WordPress username
- Use a difficult password & enforce frequent password changes
- Enable two-factor authentication
- Rename your login page to something other than wp-login.php or /wp-admin/(SSL & Security -> Settings -> Hardening -> Advanced -> Enable Custom Login URL)
- Enable vulnerability detection (SSL & Security -> Settings -> Vulnerabilities) to get notified when a plugin on your website contains a known security vulnerability
- Backup your site to another server or cloud server on a daily basis
If that’s all done, then your next step would be to obtain & install an SSL certificate.
