False data injection (FDI) attacks tamper with state estimation data and can pose significant threats to the smart grid. Vulnerability analysis and defence strategies may help to mitigate the impact of these attacks. However, existing research efforts have not addressed the computational power and accuracy issues in the vulnerability analysis and defence mechanisms using realistic test environments. In this work, the authors present a novel low-complexity FDI attack model to perform the vulnerability analysis. The authors develop a reduced-row-echelon-form-based greedy algorithm using the non-linear power flow system to generate FDI attacks more accurately. The authors then propose a novel optimal defence strategy by developing a greedy algorithm. The authors' algorithm finds the optimal locations of power assets and defends against hidden FDI attacks with low computation cost. Finally, the authors utilize the proposed AC-based attack and defence models to identify secure sites for distributed generation (DG) in the smart grid. The authors' experimental results for various IEEE standard test systems show enhanced accuracy of the attack and defence algorithms. The authors also validate the effectiveness of the proposed approaches in finding secure sites for DG units in the smart grid.