There are quite a few good WP security plugins to try out but one I always find to be good is "All In One WP Security & Firewall". I like this security plugin because it is quick and easy to install yet offers a wide range of protective features such as helping you to create strong and secure passwords, anti-bruteforce protection for your WP Admin page as well as a firewall that will protect you from malicious scripts and crawling attempts by rouge web crawlers.
WordPress itself is a very secure platform. However, I agree that it helps to add some extra security and firewall to your site by using a security plugin that enforces a lot of good security practices.
I know that just using All In One WordPress Security plugin will suffice.
It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques. AIO WP Security also uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated. AIO WordPress Security plugin doesn't slow down your site and it is 100% free.
Personally I just fence off my wp-admin directory with a password and keep up with the security updates and backups. I don't want to slow down my sites with useless plugins, as it's easier just to drop the backup back should something happen.
I've been using WP for the pas six or so years, and only once did I get hacked, and honestly I think that was because something got in to the shared server.
Sucuri seems to be taking care of everything so far. There is also wordfence. And these two plugins alone are more than enough. Jetpack seems to be coming with some good options. But you should instead do regular security check. And that way you'd find that not much of an security issues to worry about.