yum install mod_security mod_security_crs git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Then you need to customize httpd.conf to load it into apache and then modify the mod_security.conf file to load your rulesets.
Add additional rules such as the free ones:
OWASP ModSecurity Core Rule Set (CRS)
Free ModSecurity Rules – Comodo Web Application Firewall provides real-time for your websites running on Apache & Linux Web Servers
The downside is you have to apply whitelisting rules, because there will be false-alarms. There is a big learning curve involved. But once you learn it you could do very advanced stuff and protect your entire servers (in terms of attacks directed via web sever).
IF you are not an advanced user OR don’t have the time:
Just search for commercial Website Application Firewall (WAF) providers. They will ask you to change your domain’s dns provider to their own. Then they will filter your traffic before sending it to your server. They site in between your server and the public and filter bad traffic.
This is much easier to do but will cost you a monthly fee per domain. (FYI modsecurity is more extensive control since it monitors your webserver directly BUT depending on your setup you may not have the best rule sets)
Some of these services also offer Virtual Patching. They apply fixes to known exploit attacks to commonly used scripts/CMS/plugs/etc. In theory you could keep running outdated plugin while hiding behind the Virtual patching WAF. This is the advantage of commercial WAF compared to the ModSecurity. (Technically, there are commercial rule set that covers zero day exploit for modsecurity but the server licenses to get these updates is so high that only worth it if you have a lot of sites hosted or you have a mission critical site).
When it come to wordpress most of the time the breach happened because of a well known vulnerability of sort in the CMS or plugins.
There is one specific company that I would recommended but since I am a new here, I don’t want to come across as promoting.
Bonus for those that came across this post (since this will be above the OPs needs: Look into SElinux to safeguard your entire linux server (for advanced users only)