Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.
It blocks spam posts, login attempts and malicious access to the back-end requested from the specific countries, and also prevents zero-day exploit.
WPScan WordPress Security Scanner - Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
Receive information about possible vulnerabilities in your WordPress from WordPress Vulnerability Database API.
This plugin provides the functionality for Reflected XSS and Self-XSS.
WordPress Core Security: Secure your website with real security.
Automatically checks installed plugins for known vulnerabilities and provides optional email alerts.
Performs a detailed security analysis of your WordPress installation. Provides specific instructions on how to make your site more secure.
The CSRF vulnerability is the most famous web vulnerability, since ... i do not remember, too long !