There are many security plugins released for WordPress. The following is a list of features that you should have when selecting a security plugin.

NO.1 Malware inspection, detection, and removal functions

Not many WordPress security plug-ins have the ability to detect malware as well, but WordPress can be infected with malware without you even realizing it, and the ability to remove infected malware from the admin screen is one of the most advanced features of WordPress security plug-ins. The ability to remove infected malware from the admin screen is the most cutting-edge feature in security plug-ins.

Wordfence
Quttera Web Malware Scanner
MalCare
WP Doctor Malware Scanner & Security Plug-in

and other plug-ins can be used for this functionality.

NO.2 Vulnerability Checking Function

More than 60% of WordPress hacks are done through vulnerabilities in plugins and other programs. Many plugin vulnerabilities are publicly disclosed, and hackers often use tools that exploit these vulnerabilities one after another to hack WordPress.
The main plugins that can be tested for vulnerabilities include the following

Wordfence
WPSCAN
WP Doctor malware scanning and security plugin

NO.3 Enhanced Login Screen

About 20% of WordPress hacks are caused by logging in by taking away administrative privileges to the admin screen. To make the password for WordPress admin privileges strong, and at the same time, to put a captcha on the login screen to prevent brute force attacks to break the password by brute force, or Changing the URL of the login screen is effective.

Plug-ins that can strengthen the login screen include the following

All In One WP Security & Firewall
SiteGuard
WP Doctor Malware Scanning & Security Plugin

NO.4 WAF

A WAF is a software (in the case of WordPress, a plugin) that acts like a firewall to prevent hackers from attacking your site.
In the case of WordPress, it can prohibit excessive access to xmlrpc, prohibit access to Track and Trace functions, prohibit access through proxies (anonymous intermediary servers), block the transmission of malicious strings through HTACCESS, and much more.
Plug-ins with excellent WAF features are listed below.

All In One WP Security & Firewall
Wordfence
WP Doctor Malware Scanning & Security Plugin

NO.5 IP Blocking Function

IP is like the address of each computer connected to the Internet. If the IP is blocked, even hackers will not be able to launch attacks.
Plug-ins that record hacker attacks and have the ability to block IPs will provide even stronger protection.
Plug-ins with IP blocking functions are listed below.

All In One WP Security & Firewall
IP Location Block
WP Doctor Malware Scan & Security Plugin