You can find few useful tiny mu-plugins in my example Nginx configuration for WP.

Must-use plugins (a.k.a. mu-plugins) are plugins installed in a special directory inside the content folder and which are automatically enabled on all sites in the installation. Must-use plugins do not show in the default list of plugins on the Plugins page of wp-admin – although they do appear in a special Must-Use section – and cannot be disabled except by removing the plugin file from the must-use directory, which is found in wp-content/mu-plugins by default.

source: https://codex.wordpress.org/Must_Use_Plugins

Enhancer

It enhances your security settings:

• set password hashing to Bcrypt
• return 401 HTTP status code after unsuccessful login attempt – so you are able to filter them with fail2ban on server side
• remove sensitive data from REST API (users and comments endpoins)

Mail Fixer

Allows you to tune your WP mail settings (phpmailer):

• unify Sender and From address (missconfiguration causes marking your mails as a spam)
• customize from name and address
• allows you to set your own SMTP server

Custom Login

Blocks direct access to wp-login.php – user have to visit custom URL before

Team Cookie

When user visits the administration it sets a cookie – it allows you to exclude them from the analytics for example.

You can find these plugin in the extras dir inside my repository.