#1. Better WP Security
Better WP Security is the best solution to fix one of the most common security risks. The admin login path and username are rarely changed by the webmaster. This means that everyone knows the link and the username which opens the path for brute force attacks. Better WP Security can change the wp-content and wp-admin path changing the links. It can also remove the meta “generator” tag, login error messages and RSD header info.
Better WP Security offers some basic yet essential security controls and it should be the first thing on the list of plugins that needs to be installed the moment WordPress is configured.
Wordfence is one of the most popular plugins for added security for WordPress. The Premium version includes a Cellphone Sign-in via SMS and also enables the admin to block certain countries. This feature makes it easy to stop brute force attacks. It also enables the creation of stronger password policies for users and admins and publishers. In addition, it can control the access of entire networks to the website by using IP and Domain WHOIS reports and public lists of malicious IPs. Additionally, it can send security reports to the network owner.
The plugin has plenty more features such as a DNS security monitor and file malware scanner that is updated constantly in order to recognize the latest suspicious codes.
Wordefnce is 100% free with the exception of the SMS sign-in feature.
#3. BulletProof Security
BulletProof Security has been praised for its ability to prevent code and SQL injection attacks. It provides the means to protect the website against XSS, RFI, CSRF and Base64 attacks.
Another popular feature of the plugin is the maintenance mode. It enables the admin to filter who gets to see his website and who will be greeted by a 503 Website Under Maintenance page. Using IP filtering, the access can be controlled directly from the plugin.
Last but not least, BulletProof Security offers a more convenient way of protecting and updating distributed configuration files without using an FTP client. It locks down critical htaccess files, wp-config.php, bb-config.php, php.ini and php5.ini.
The plugin is completely free with no additional features for users that donated. With a close to 5 star rating, BulletProof Security, the plugin is a must for all WordPress websites.
These 3 plugins should cover all the security gaps in the code and setup of the default WordPress installation. They complement each other and consume very little resources. The only thing that could be added to complete the security packages is an SSL certificate for the domain.
Please note: If you are looking for an easier drag and drop solution that has built in security and is less targeted by hackers and crackers I advise you to use either Weebly , Wix or Yola.