No matter what you do, you will never be able to fully stop a player cheating or hacking . The only thing you can do is like you say minimise the risk by smart programming . When working always say to yourself never trust the client . do anything important run on the server , client should only be in charge of cosmetic and visual stuff. You can try to add checks in to catch clients cheating for example when a client moves you know that in X amount of seconds they should have travelled X amount of distance so then you check there old position to the new position if it is irregular then chances are they have cheated eg changed there speed , teleported across map etc
Once game is done you can do something called code abstraction to help stop reverse engineering. Basically what you do is copy all of you’re code so you have the clean master version and then In the version you ship to players you would go through and make you’re code unreadable so you would give variables rubbish names , change names of functions to not make sense etc so if someone was trying to reverse engineer they would have a difficult time.
Another method often used is using layers or servers to hide game data . So you would have a secure server with all the game data hidden on it and players can only download through a secure client what they need to run the game everything else is hidden behind the scenes and should be secure but again one this is not fool proof hackers can script injection , jack databases etc
Unfortunately the hacking business is just as lucrative as actually making the games people always like to win no matter what and often they just get banned buy a new copy of the game and carry on . Hackers make money selling the hacks , game companies get multiple copies of the game brought , and anti cheat companies make money by trying to stop them it’s a viscous cycle and only is the game players that loose out