As I said in another post, I believe the very popular Wordfence Security plugin to be an excellent security solution for most WP users. Even if Wordfence isn’t the right solution for you, I recommend subscribing to their excellent email list, for timely and informative updates on WP security issues.
My Wordfence quibble: I installed and it and tried it out for awhile, decided in spite of its ample merits it is not for me, deactivated it. I promptly received an email from the Wordfence mother ship, alerting me in somewhat inflammatory language that Wordfence had been deactivated from my site by – my secret admin user name! I keep my admin user name private, and use a public nickname – a minor but sensible security precaution, I think. Wordfence not only harvested my secret admin user name, it reported my admin name to the mother ship, presumably stored it, shared it with – who knows? – and sent it to me in a plain text email. I have no way to know what other private information, if any, Wordfence stole.