I use Netlify & AWS Free Tier for hosting.

How easy is it for black hat hackers to inject malicious codes into a website?

Coming to realize that I've been offering web design/development services to friends and online, I still don't have a clear picture of how to secure a website aside from the HTTPS and SSL Certificate.

Any advice for a beginner?

Thanks!