I'm using WordPress more and more to set up sites on TC for clients and at the same time wanting to address security in the best way I can on shared hosting.
I already do a few things such as moving wp-config, using limitlogins, not having admin as a user, being strict with plugin use and updates etc, but I am noticing in logs that some of the sites are having plenty of attempts to get in through the admin frontdoor (all are failing) and I assume there are many other automated attempts.
Having said that, I'm looking at a couple of extra tools but wondering about their impact on a) the site and TC servers
One is wordFence which has it's own login limit/lockout along with file scanning and other security checks. I get the strong impression though that doing scans is heavy on the server processor.
Second one is Cloudflare which I am only just starting to look at, but seems to introduce itself between the site and users (works as a proxy) and filters 'bad traffic' from reaching the site.
So two questions:
1) Does TC itself have any policy on either of these tools, and is there any significant server load from wordfence
2) Does anyone have experience using either of the tools either positive or negative.
I hope to get some responses to either or both questions