WordPress is an open-source website creation tool written in PHP. It is highly customizable it also has thousands of plugin pieces of software so we can use the site for anything. It is free and has a thriving community of developers constantly improving the software and creating plugins to expand the software.
The first free WordPress security plugin is Sucuri. It will clean up your WordPress site at no additional cost if it gets malware. Easy to set up in the WordPress dashboard. It keeps track of everything that happens on your site including file changes last logins and failed login attempts. It will reduce server load time and improve your site's performance by blocking malicious traffic.
iThemes security pro, this has two-factor authentication for an extra layer of security. It is powerful password enforcement and has 404 detection and plugin scans. Jetpack, real-time backups save every change you make to the site. Decentralized malware scanning keeps your site safe from security threats. The free version of jetpack includes basic WordPress security features. WP scan, an open-source tool with unique functionality that can be used to scan remote WordPress installation to pinpoint security issues. Their database of vulnerability is updated daily by community members and dedicated WordPress security specialists. Wordfence is as free to use for many sites as you need. Tracks and alerts you about breached password usage so you can create a new password immediately. Bulletproof security is, easy to use. It has Malware scanning and firewalls. E-mail notifications with security logs when a user gets locked out from failed login attempts.
WP Security and firewall. It scans for malicious patterns and login lockdown after failed login attempts. A password strength tool to allow you to generate appropriately strong passwords. Google Authenticator adds an extra layer of security to your login and also has a simple interface and is moderately easy to use. It offers shortcodes so you can do things like using it on custom login pages. WP fail2ban is protected from brute force attack. This takes a different approach which many see as more effective than what you get from some of the security suite plugins. Secure. The UI in this is probably one of the best. The premium version has a lot of value. It checks security points in 5 minutes and gets a report and then hardens your word press site.