By default, the newest version of WordPress is pretty secure. Anything which may have been added to some repair hacked wordpress site plugins has been considered by the development team of WordPress . Before, WordPress did have holes but now most of them are stuffed up.
This is great news as it means that there is a community of developers and users that redirected here can improve the platform. Whenever there is a group there will always be people who will attempt to take down them.
This is quite useful plugin, protecting you against brute-force password-crack strikes. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
What's the best way? Out of all the possible choices that are available right now, which one is right for you personally and which path should you choose?
Do your homework and some searching, but if you are pressed for time and want to get this try out the WordPress safety plugin that I use. It is a relief to know that my site (and business!) are secure.