A simple list of plugins that you can not forget if you want to have well protected WordPress
A plugin that protects our installation of WordPress with different improvements. Some of the improvements are: Eliminates the error information in the Login pages, Deletes the WordPress version, Deletes the plugin and WordPress kernel update information, etc.
This plugin detects, intercepts and records suspicious information.
Create special URLs to log in. It is very useful if you want to prevent users from using the mythical “wp-admin” as well as if you want to change the name for your clients.
Limit the number of attempts to log. Useful to avoid dictionary attacks.
Protect wp-admin with a password of Apache type.
In case your server does not support SSL, this plugin allows you to use encrypted passwords.
Extra protection against exploits and hacking attempts. It does not hurt to take a look.
Scan your WordPress installation against exploits and possible attacks and suggest changes you should make.