I’m not affiliated with Wordfence in any way, but if you use WordPress it’s just stupid not to use at the very least their free product. In addition to protecting your shit, it also gives you interesting IP’s that are (IMO) fair game to poke around at, like so:
I’ve found a bunch of interesting vulnerabilities on boxes that come up in this list. I would usually try to report to the owner or try to dispose of the malware if I can get in and do it myself. Pretty sure that’s illegal though, so I’m purely speaking in the hypothetical here.