I just loaded up the Hide My WP plugin, which masks common WP paths like wp-admin. It goes far beyond what's offered in Defender and Branda. https://hidemywpghost.com/
My first request is for WPMU DEV to look closely at this plugin, and incorporate many or all of its features. I usually don't like for plugins to get bloated with features that duplicate those of others. In this case, we're paying WPMU DEV for branding and security, and this other plugin has Pro features that I'd rather get from the vendor that I'm already paying.
Second, please note the changes that are possible with this plugin. If we can change the path for login, wp-admin, ajax, assets, etc, then Dev services might have a problem accessing our sites. That includes The Hub, Snapshot, and perhaps hosting features. It may include links back to a site which are inserted by plugins. Please install and run this Hide My WP plugin and then test Dev services and plugins to ensure there are no hard-coded links that will break. I don't want to go without managed backups because I have security that Dev can't navigate. How do you fix that? Get the WPMU Dev Dashboard plugin to send site-specific details to the Dev servers so that they can correctly reach back to the site.
Note also the security checks that can be done with that plugin, many of which are not included in Defender.
Note the feature that removes HTML Comments inserted by themes and plugins … is that done by Hummingbird?
What else can be learned from this other offering?
I know that trying to hide the nature of a WP site is naïve. With a simple scan of a home page a hacker can detect the nature of the environment and craft code to thwart this first level of defense. But most hackers are not that sophisticated. Script kiddies brute-force common attack vectors with the simplest of tools. If those tools don't work, they move on. Simple measures like this help to deter a specific class of intrusion, not all. And Some protection of these vectors (provided by Hide My WP Ghost) is better than the minimal protection in this specific area from the Dev offerings.
In the process of considering features that are inspired by this other fine plugin, please consider first adding their Pro features to Defender or Branda, rather than adding the free features first. We can already get the free features. We don't need Dev to duplicate those. I'm asking Dev to provide good features that we would need to purchase elsewhere.