Wordpress Security Concerns

I'm hosting a few Wordpress sites and my approach to security thus far is to make sure the core and all plug-ins and themes are kept up-to-date, and I run Configserver Firewall (CSF) / LFD on my VPS.

There's a number of Wordpress Security plug-ins out there including ones that attempt to "hide" the fact you are running Wordpress. I've got one site owner that is interested in doing this hiding. I've read some articles in the past on the subject that concluded essentially these hide plugins are in effective as you can't 100% hide you have a Wordpress site from any knowledgable hacker.

I really have two questions regarding Wordpress Security:

(1) For those that are already familiary with BOTH CSF/LFD AND the most popular Wordpress Security Plug-Ins, are there any plug-ins worth installing that increase security but don't unecessarily duplicate security functions that CSF/LFD is already performing, AND, don't add bells & whistles that are unecessary and just overcomplicate the Wordpress setup and potentially effect performance.

(2) Disregarding the "hide" Wordpress plugins from a security standpoint, what would be the best one to use taking into considerating the first question?

Essentially, I'm looking for someone that has experience running CSF/LFD hosting Wordpress sites that has experimented with various Wordpress Security Plug-Ins. They seem hard to come by as it seems the vast majority (not all) Wordpress users aren't running on a VPS or Dedicated Server running CSF/LFD, or, the vast majority of Sys Admins knowledgable about CSF/LFD, aren't Wordpress Security Experts. There's got to be a few "Unicorns" out there though?