WordPress security is an important issue these days. Internet is becoming more and more dangerous. The best way to secure your website is to keep themes and plugins updated to the latest versions. Next to that there are two plugins which I use for all my websites: Wordfence and iThemes Security. They both have free versions and you can use them side by side. I also upgraded to iThemes Security Pro. It has a number of functions which I like very much, for instance the possibility to change the url for wp-admin or wp-login.php. This means that brute force attacks are much harder to do.
Read about these plugins on wordfence.com and ithemes.com (no affiliate links).