Hi @hellosite, I’m really pleased you’re enjoying Wordfence.
I absolutely under the circumstances don’t want to cause disagreement but I do want to state our general stance on “security through obscurity”, similar to hiding WordPress login pages, or adding obscure database table prefixes is that knowing Wordfence or indeed WordPress is installed on a site is not a security issue in itself.
Attackers rarely pre-check for the presence of specific vulnerable plugins or WordPress versions as this takes additional time so will often act in a “hit and hope” manner. If somebody is checking a site, the publicly visible page source or commonly known paths for an open source product such as WordPress would allow them to discover this fairly quickly.
Provided you have 2FA and reCAPTCHA enabled for your administrative accounts – as also recommended by WordPress themselves when stating exposure of usernames isn’t a security risk – and complex passwords set for your cPanel/FTP/database/host etc. then Wordfence will look after your WordPress installation using its extensive database of vulnerabilities, IPs and signatures to detect exploitable plugins, known current “bad” IPs, and malicious files.
Regardless of this, I have made our team aware of your thoughts and every suggestion put forward by our customers is always internally considered.
Thanks,
Peter.