In 2016, we added another plugin that’s part of our base install with any WordPress site we’re developing – iThemes Security / Security Pro for helping to harden WordPress installs. The article linked below outlines some of the common things WordPress, its plugins, and its themes are susceptible to in terms of security holes.
Obviously, as the maker of the theme, their piece is partially about selling the need for their plugin, but 1) that’s ok — both the free and paid versions are great and 2) the information is accurate, valid and something you should be considering with every WordPress install you put out into the public.
Source: iThemes – 5 Common WordPress Security Issues