When installing Wordpress is important to change the predefined salts to avoid any weak cryptography that makes your cookies and session management weaker.

The fastest way to fix that is by using this website: https://api.wordpress.org/secret-key/1.1/salt/

If you want to get more info about possible attacks on unsecure wordpress installation, here a good reading: https://www.securitysift.com/understanding-wordpress-auth-cookies/