It’s really hard to answer a question like “how do I protect my robots from getting hacked” because the answer is always going to be “it depends.” What helps me answer questions like this is using a framework for thinking about security.
All of my robots are operated remotely over the internet and I think about security a lot. I came up with a list of things I wanted to try to protect against, then tried to guess at how likely they were to happen, how severe the result would be if they did, and how much effort it would take to reduce the chance of them happening to some acceptable level.
In the security world, this is called threat modeling.
To take your specific example, you have a robot that runs on wifi, and you’re concerned that a hacker could crack your wifi password. It’s just a hobby robot, maybe you decide that it’s unlikely to happen, but would have really severe consequences if it did. So you come up with a couple ideas. One is to use WPA3 with a long passphrase. That has a low effort to implement, and a high effectiveness of deterring password cracking. Another is changing wifi passphrases every week. That also has a high effectiveness, but would be pretty hard to implement. So, in this case you decide that since the chance of a hack is low, it makes the most sense to skip the second option and implement the first - a strong WPA3 passphrase.
The more scenarios like this that you can come up with, the better picture you will get of how secure (or insecure) your robot actually is.
More generally, the techniques that are used to keep computers secure also apply to ROS robots. Set up a network firewall if your network has internet access, keep your operating system’s security patches up to date, use ssh keys for remote login instead of passwords, etc. If your robot needs to talk over the network, make sure it uses a trusted (or secured) connection. These don’t address specific concerns, but taken collectively they improve overall security.
Regarding ROS itself, I haven’t spent a great deal of time researching its security features. There are some security options in DDS that might be worth exploring.
My approach has been to keep the computers running ROS secure, and not focus on ROS itself too much, because that fits my threat model the best. I also lock the outside doors in my house, not the inside doors .