Greetings, I have my sites hosted on WPEngine which has pretty solid security from what I have read and experienced so far. But still, I'm finding users from China registering on my site, and I'd rather not have to deal with anyone outside of the US or Canada based on my site's relevancy.
I've therefore installed WordFence which has a (paid) option to block countries. It also has a (free) feature to limit login attempts and lock out a user for 10 or 20 minutes based on my selection.
WPEngine also has the login limits as a separate plugin and I've trapped several "rogue" users trying to login with "admin" (which has been removed).
So, should I just rely on WPEngine's security alone, or should I implement additional measures knowing there may be some overlapping features.