The short answer is yes.
The long answer is that trying to boost security from within WordPress is generally a waste of time.
Your site’s security really depends on factors outside of WordPress much more. So the #1 security precaution is to choose a good host. I can’t believe the number of users who choose a terrible host and then rely on a WP security plugin. That’s entirely backwards.
Secondly, you should run https with an SSL certificate. A good host will be able to set you up with a free Let’s Encrypt certificate.
Thirdly, you can implement various security “headers” in your site’s .htaccess file (if you use Apache) or whatever the equivalent is for nginx. This is a good resource: https://www.keycdn.com/blog/http-security-headers/
Fourth, I’d strongly suggest you avoid using the Jetpack plugin. I have seen many sites that were targeted by hackers trying to exploit holes in Jetpack. While you should be OK if you religiously keep it up to date, you might well find yourself the target of sustained hacking attempts looking for known vulnerabilities. I’ve seen these attacks take down a whole network, and I even strip out conditions and filters designed for Jetpack that appear in other plugins and themes precisely so that my sites avoid this risk.
If you still want to run a WP security plugin after that, I’ve found WP Bruiser to be comfortably the best of the ones I’ve tried. The BulletProof Security developer also seems to know what s/he’s doing. But there are just so many that are dreadful …