Hi @leiw, thanks for reaching out to us.
Although this plugin doesn’t appear on our list of outright incompatible plugins, I have seen cases of it needing to be disabled in order to rectify Wordfence Central connection issues for some customers.
We do generally suggest not hiding the WordPress login pages as this can cause issues when other plugins require this path too. With certain “security through obscurity” methods such as this, we feel this only serves to slightly slow down somebody with malicious intent rather than stop them entirely: https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/
Provided you have 2FA and reCAPTCHA enabled for your administrative accounts – as also recommended by WordPress themselves – and complex passwords set for your cPanel/FTP/database/host etc. then Wordfence will look after your WordPress installation using its extensive database of vulnerabilities, IPs and signatures to detect exploitable plugins, known current “bad” IPs, and malicious files.
Thanks,
Peter.
