Being vigilant is an important step in security. You cannot expect what you do not inspect. That is, you cannot expect things to be working, if you do not check in on them periodically. Some plugins help with security maintenance and configuration on your WordPress installation. Just like antivirus and malware detection on workstations, these tools are here to assist in strengthening your security posture.
1.) WP-Security Scan
WP-Security Scan by Michael Torbert, provides an overall security scan of your WordPress installation. It checks many of the items listed previously, including WordPress version, table prefix, and absence of the admin account. It also includes a file system scanner to verify that the permissions are set to the recommended settings. WP-Security Scan provides a nice mechanism to make sure the base settings are in line with a good security posture. We look forward to Torbert adding new features in future releases.
You can find more information on WP-Security Scan at https://wordpress.org/extend/plugins/wp-security-scan/.
2.) WordPress Exploit Scanner
You can find more information about the WordPress Exploit Scanner at https://wordpress.org/extend/plugins/exploit-scanner/.
3.) WordPress File Monitor
The WordPress File Monitor plugin by Matt Walters, looks for files in your WordPress installation that have been added, changed, or deleted. The plugin can be configured to send an e-mail should any file system activity occur. In addition, this plugin can be set to exclude certain directories, such as the uploads folder or file-based cache folders.
If file system changes are made, this plugin sets a warning in your WordPress Dashboard and also sends you an e-mail to alert you of the changes. This can be very handy in the event that something bad happens but will also trigger false alarms when you are performing updates. It is assumed that you know when you are doing updates and therefore can weed these out.
You can find more information about WordPress File Monitor at https://wordpress.org/plugins/wordpress-file-monitor/. This plugin has not been updated in a while, but we continue to use it on our non-Multisite sites.
4.) WordFence Security
WordFence Security by Mark Maunder is a comprehensive security plugin. This plugin checks your installed core files against the current revision in the WordPress repository. It checks both your core WordPress files as well as plugin files. Whereas the WordPress File Monitor is looking for new files added to your site root, potentially dropped in by bad guys, WordFence Security is evaluating your core and plugin files for changes or variations from the source code.
WordFence also scans your actual content for malware and phishing signatures and it has many other security features covering a large spectrum of potential threats or attack vectors.
One of the more interesting features of WordFence is the live traffic information that ties into a software-level firewall. Using the live traffic and firewall features, you can block specific IP addresses or countries from accessing your site. This can help when an attacker is attempting to compromise your site. Furthermore, you can configure WordFence to automatically block or throttle access for IP addresses when usage from those traffic sources exceeds limits that you set.
You can find more information about WordFence Security at https://wordpress.org/plugins/wordfence/.