In spite of the fact that I am a geek, I felt I had no need of plugins for my blog. Just give me a theme I like and let me write. I hit the support forums over a vastly different issue and chanced upon a support thread mentioning Wordfence. I downloaded it and installed it shortly afterwards. It seemed like a good idea at the time.
Wordfence was probably the most useful plugin I could have installed. Its a brand new blog with no users. Less than two hours after installing the plugin, I checked the live traffic. I got 26 hits from from Google, 10 from china, two from Bulgaria, 6 from Taiwan, 1 from Indonesia, and 2 from India and NO human traffic. I've already heard about the brute force attacks where the hackers systematically go through password possibilities using software to generate sequential passwords. Wordfence alerts me to those kinds of attacks as well as others.
Easy to use and set up. Considering the number of blogs I have seen hacked, or with spam in the comments, the freeware version should be automatically included. As it is, it doesn't even show up on the first page of featured plugins her on WordPress. As far as I am concerned, security first, then whistles and bells.
And to the guy above who used a third party script that triggered Wordfence's defenses? Write your own code.