With SSL and Wordfence out of the way, let's now have a quick look at other popular security plugins. Installing them is optional, depending on what you think is a good direction to follow with your website, security-wise:
- Google Authenticator (https://wordpress.org/plugins/miniorange-2-factor-authentication/): Use it to enable two-factor authentication
- Force Strong Passwords (https://wordpress.org/plugins/force-strong-passwords/): Gives you a password strength indicator and doesn't allow weak passwords to be used
- WP Security Audit Log (https://wordpress.org/plugins/wp-security-audit-log/): Keeps a log of all activity going on in the admin section of your website
- Login LockDown (https://wordpress.org/plugins/login-lockdown/): Protects your login page by recording the IP addresses and timestamps of every failed login attempt, and then locks out specific IP addresses based on failed login attempts
- Sucuri Security (https://wordpress.org/plugins/sucuri-scanner/): An alternative to Wordfence, and another great security scanning plugin
Learning more: If you want to learn more about website security and WordPress security in particular, you should subscribe to the Sucuri blog (at https://blog.sucuri.net/). Sucuri is a highly respected company and the leader when it comes to all matters of website and WordPress security. Whenever a new vulnerability is discovered in the WordPress space, it's Sucuri that often breaks the news.