Using an Open Source CMS with open-source plugins and themes it’s giving a hard time preventing all the hack attacks to your WordPress site.
Many plugins are created by authors who don’t know how to completely secure them. The same with the themes’ authors.
Prevent Hack Attacks
Most of these plugins are working to identify if your website was already hacked but what’s also important is to add a layer on your WordPress site to proactively stop a virus.
The best and simplest way to do this is to change all the known vulnerable paths for all plugins and themes. To do this, you can install Hide My WP Ghost free plugin.
Hide My WP Ghost works together with other security plugins and hides the paths from hackers’ bots, stopping all Script and SQL injections. You can also include Brute Force protection to your login page if you want to use only one security plugin for your website.