Can a WordPress site be stolen at the hosting level? I want to create a site and invest money. And do I understand correctly that Google first evaluates the domain when ranking, and then the site.
That is, there is no point in stealing a site without a domain?

WordPress site can technically be "stolen" at the hosting level, but it's not as common as other forms of site theft. What can happen is that if someone gains access to your hosting account, they could potentially copy all your site files and database, which would give them a full clone of your site. To protect against this, it's important to use strong, unique passwords, enable two-factor authentication, and regularly update both your WordPress installation and any plugins or themes you're using.

In terms of ranking, Google looks at a multitude of factors, but the domain does play a significant role, especially if it has a good history. If a domain has been around for a while and has built up some authority, it's likely to rank better than a brand new domain. But content is really the king, Google also evaluates the actual content of the site, the backlinks pointing to it, user experience factors, mobile-friendliness, loading speed, and more.

So in terms of stealing a site without the domain, there's actually some point to it. If a hacker clones your site and hosts it on another domain, they can still benefit from your content, especially if they're using blackhat SEO techniques. However, the value of the stolen site without the original domain might not be as high because they won't inherit the existing backlinks and domain authority.
To prevent your site from being stolen, always make sure your hosting is secure, your WordPress installation is up to date, and that you have good backups in place. That way, even if the worst happens, you can quickly recover and minimize the damage.

If the content is genuenly valuble and your site is like totally fresh, you can move the content to a more established and popular domain.

Make sure to protect your work with copyright. You can do this by signing the articles with your name and adding a link to your social profiles. If needed, you could ask for your content to be takedown from other websites.

Don't use youre full name as a title for a website. Blogs usualy have an author, who is often mentioned on the 'about' page. It's better to choose a proper name for the site. Think ahead - in a few years, your site might grow enough to be worth trademarking.

If your blog is on a topic you know well, pushing out content without much thought is a bad idea. Firstly, you won't have a lot to say. Secondly, the original content will allways be of better quality. Google takes around a year to realy notice a new site. During this period, add content gradually and ensure Google indexes it, even if it doesn't reach the top results immediately. The key is to show the search engine that your content is fresh and unique.

Content without an author is easy to steal. At a minimum, people might rewrite it, but these copies usually won't be as good as the original, and search engines will rank them lower. But here's the catch: when your site is new, an older, thieving site might outrank you in search results even with your own content.

Protecting your WordPress site is crucial to avoid security breaches and data loss. Start by using strong passwords and keeping your themes, plugins, and WordPress core updated. Install reliable security plugins like Wordfence or Sucuri to monitor threats. Regular backups ensure you can recover quickly if something goes wrong. Also, limit login attempts and use SSL certificates to encrypt data. Taking these steps safeguards your site and boosts user trust.

In order to safeguard your WordPress site, you should use strong passwords, enable two-factor authentication (2FA), and ensure that all themes, plugins, and the WordPress core are kept up-to-date. Install a reliable security plugin such as Wordfence or Sucuri, perform regular backups, and enable SSL encryption on your website. In addition, you should limit the number of login attempts and ensure that file permissions are secure.