WordPress is a pretty secure platform on its own. It can’t save you from weak passwords though. Even if your passwords are long and hard to guess, you need to keep hackers from attacking your login page. DoLogin Security for WordPress can help. It limits the number of login attempts. It supports passwordless login and two-factor authentication for security.
This plugin supports WooCommerce. It lets you whitelist or blacklist visitors based on their location. Want to enable Google reCAPTCHA or force SMS Auth validation? No problem. DoLogin keeps a log of attempts, showing you date, IP, location, and login credentials used.