Protecting your WordPress site is highly important as you could lose everything and worse still if you don’t have backups.
Ninja Firewall WP
This is a fantastic free plugin that creates a buffer between the visitor and your site on first contact, this helps shut down any malicious behaviour before any damage is done.
It creates what is know as WAF (Web Application Firewall) with layers of security, for a free plugin that is fantastic!
The free version allows you to check hourly for updates, daily or weekly. I always leave it on hourly as the number of vulnerabilities are increasing – even some bigger plugins have been caught out (Elementor, Astra).
Limit Login Attempts Reloaded
This is a lightweight plugin that is preinstalled with my WordPress installs by my host, Guru Hosting.
This basically prevents brute force login attempts by limiting and blocking IPs. You can quickly add allow (white list) or deny (black list) IPs one by one or in a range.
This is just a quick and what I consider to be a minimal overview of WordPress security, there are hundreds of plugins but these are 2 essential free plugins I recommend.