If you are thinking to save your WordPress websites from Cyberattacks such as Brute Force Logins and Spam then you need to use the following free plugins-
WordPress Firewall- This plugins filters all suspicious web requests and also can detect SQL Injection attacks. As this plugin has the potential to whitelist and blacklist contents, comments and unknown parameters, installing it will help save your website from cyber-attacks for sure.
Login Lockdown- This plugin offers IP address information of those who failed to login to your website more than 3 times. So, it refrains hackers from attacking the website through brute force login passwords.
iThemes Security- This plugin helps protect your website by creating useful backups and at the same time helps detect and fix security vulnerabilities.
BulletProof Security- This free WordPress plugin helps protect websites from malicious scripts as it helps track and monitor suspicious activity through .htaccess WordPress Security Protection. Also, it helps users with login security and login monitoring and failure recording feature.
WordFence- If you need a plugin that does spam blockage, malware checking and bot blocking along with a 2-factor authentication then WordFence is the best plugin to opt for. It also helps scan the host for any backdoor vulnerabilities and allows website admins to block traffic from specific IP addresses or countries.
Hope we did cover almost everything available on the WordPress Plugin Store for free.