Hi, I discovered interesting security plugin - https://wordpress.org/plugins/wp-simple-firewall/, it looks promissing.
Features:
- simple interdaces
- audit log - almost all actions are logged - login, plugin install, mail sent, new content
- selectable autoupdater
- 2 factor authentification with Yubi keys (FIDO is not supported)
- common exploits filter (rev slider…)
Downsides:
- no 404 detection
- no file changes detection
- block php uploads only in WP uploader (via hook, no via .htaccess)