WordPress is a pretty secure platform but it can still get hacked if you are not careful. Monitoring your site for file changes, protecting your login pages, updating themes/plugins, and preventing malicious requests are just a few ways to protect your site. WProtect is a plugin that checks your plugins and themes to let you know if there are any vulnerabilities.
WProtect identifies possible issues with your core, plugins, and themes and updates you via live notifications on your desktop or mobile device. It also lets you hide your login, ban IPs, disable file edits, and hide WordPress versions. The plugin can also scan POST, GET, COOKIE variables and look out for SQL injection and XSS attacks.
WProtect has dark and light admin styles. You can change notification settings from the back-end. This is a commercial plugin.