The only way to prevent contact form spam is to not have a contact form. That doesn't work for most people, so the best we can do is reduce the amount of spam that is allowed to be submitted without making it too hard for real contacts.
From a general security perspective, you want to reduce the number of bots and bad actors from reaching your site. A good security plugin like WordFence will help reduce unwanted visitors. I've had good success with using Contact Form 7 and the Contact Form 7 Honeypot plugins, and with Gravity Forms (it has its own Honeypot feature).
A honeypot is a dummy field in the contact form that human visitors will not see, but bots will detect as a contact form field. If this field has any content when it is submitted, the mail is not generated.
This will not remove all spam, as there are people who are paid pennies per email sent to fill forms manually, but it will reduce spam significantly.
Hope this helps.
You could create a .htaccess file in the wp-admin folder and create a .htpasswd file, you will have to create a password for a specific user and load this information into the .htpasswd file. Then point the .htaccess AuthUserFile to the location of the .htpasswd file and also add AuthType, AuthName and Require valid-user
A good resource of information is here:-http://www.htaccesstools.com/articles/password-protection/
Love Wordfence (free), but most of all, make your passwords LOOOOOOOOOOOOONG. Use a phrase like 'I hate long, 36-character passwords!' [make your own!] Brute force algorithms will hack through a short password in no time, and the hackers have bots that spend their life trying variations of passwords. And increase lockout times to their longest setting (60 days).
Akismet for comment spam.
Often, a good place to start when it comes to website security is your hosting environment. Today, there are a number of options available to you, and while hosts offer security to a certain level, it's important to understand where their responsibility ends and yours begins.
For general security, I highly recommend Sucuri. #sucuri
Good WP plugin to reduce spammers to your blog comments:
What kinds of WP security issues are you having?
When you say that you want to protect your site from spammers, do you mean that you're getting a lot of spam comments or contact form spam? In which case, have you set up the Akismet plugin properly (i.e. registered on the Akismet site and set up the API key)?
If you're having issues with brute-force login attempts, you can use the (free) Limit Login Attempts plugin. For a much more comprehensive security plugin offering a ton of features try the premium version of WordFence ($59/year).
I'd also contact your hosting provider to see what tools they offer. One of the reasons that we strongly recommend clients put their site on a managed hosting solution is that most providers offer continuous monitoring and clean-up for things like malware insertion, nefarious php object injection attempts, and the like.