Firewall & Security Scanner, the most commonly used plugin. 
In order to secure WordPress, Wordfence requires an endpoint firewall and a malware scanner designed from the ground up. To keep your website secure, our Threat Protection Feed weapons Wordfence with the newest firewall laws, malware signatures and malicious IP addresses it requires. The most robust WordPress protection solution available, rounded out by 2FA and a suite of additional features, is Wordfence.

FIREWALL WORDPRESS
The Web Application Firewall detects malicious traffic and blocks it. Created and managed by a wide team, WordPress security is 100 percent oriented.
[Premium] Threat Protection Feed updates to the real-time firewall rule and malware signature (free version delayed by 30 days).
[Premium] Real-time IP Blacklist blocks all requests from the most malicious IPs, thus reducing load and securing your site.
Protects your site at the endpoint, allowing deep WordPress integration. Unlike cloud alternatives, encryption is not compromised, data can not be bypassed and can not be leaked.
The built-in malware scanner blocks requests involving malicious code or content.
Defense from attacks by brute force by restricting attempts to login.
WORDPRESS SCANNER OF Defense
The malware scanner scans for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections on core files, themes and plugins.
[Premium] Via the Threat Protection Feed, real-time malware signature alerts (free version delayed by 30 days).
Compare your main files, themes and plugins to what is in the repository of WordPress.org, verify their integrity and report any changes to you.
Fix files that have been altered by overwriting them with an original, pristine version. Delete any files that are not easily included inside the Wordfence interface.
Checks the site for known bugs in terms of protection and alerts you to any problems. When a plugin is closed or abandoned, it often alerts you to possible security problems.
By scanning file material, posts and comments for hazardous URLs and suspicious content, it verifies your content protection.
[Premium] Scans to see if your website or IP is blacklisted for malicious behavior, spam or other security problems.
Safety OF LOGIN
Two-factor authentication (2FA), one of the most secure types available via any TOTP-based authenticator software or service for remote device authentication.
The CAPTCHA login page prevents the bots from logging in.
On XML-RPC, disable or add 2FA.
Using documented compromised passwords, block logins for administrators.
CENTRAL DE WORDFENCE
Wordfence Central is a powerful and reliable way of handling security in one location for multiple sites.
Review the security status of all the websites effectively in one view. Without leaving Wordfence Central, view comprehensive security findings.
Strong templates allow Wordfence a breeze to configure.
It’s possible to deliver highly configurable notifications via email, SMS or Slack. Enhance the ratio of signal to noise by leveraging options for severity level and a daily digest option.
Monitor and alert key security activities, including administrator logins, use of compromised passwords and attack activity spikes.
Free for unlimited places to access.
TOOLS OF Defense
Track visits and hack attempts with Live Traffic that are not seen in real time in other analytics packages, including origin, IP address, time of day and time spent on your site.
Block IP attackers or create advanced IP Range, Hostname, User Agent and Referrer-based rules.

Country blocking with Wordfence Premium is available.