There are a ton of security plugins out there, and here’s why you should consider using WordFence.
If you’re not going to pay for a plugin, then stick with WordFence. If you do have a bit of money to spend, I’d recommend you use something like NinjaFirewall or Shield Security as they both cost less. Aside from the price of the pro version though, WordFence is a solid security plugin.
A ton of WordPress security plugins simply don’t have scanners, WP Cerber included. This is why I chose to have more than one security plugin on this site: I have WP Cerber, mostly for its login protection and free antispam, and I use WordFence for it’s malware scanning. It’s caught a few files that were available to the public, none of which could be exploited, but it’s still better to hide things like that.
WordFence gives you the option to block offending IP addresses, or simply throttle them. I recommend that you throttle IPs just in case it is a legitimate user. You can configure it based on page loads, which I think is useful, as each page load can take more than 100 requests. There are separate limits for crawlers, so you don’t have to worry about Google’s crawler timing out while visiting your site.
WordFence proved itself to be effective within days of installing. It blocked nearly a thousand malicious attacks to my site in the first day. It also has an extended protection mode, which loads before WordPress, which will help your CPU and RAM usage to stay lower, should an attack happen(because it’s rejected before WordPress has to fully load)
Too much ads
The only bad thing about the free version is the amount of ads there are for the pro version. Half of the features aren’t available in the free version, so most of the settings are grayed out. It’s still better than other plugins, like Yoast SEO free, but it still gets annoying really fast.