very good plugin!

It is good for most “round the mill” intruders.
But not for all. I’ve seen it, some intruders are different and can bypass wordfence, login attempt limits, google recaptcha, CDN firewall and cfs firewall all at the same time.
wordpress is poor in security, and the best way to monitor an “important” site is to have eyes directly into the server, as some intruders are good at not leaving trails behind. and attack login area.

Number one criteria, a very very very strong password, like 18 characters with symbols numbers and special characters, + firewall, are a must, but if the site is really precious I would consider strongly to get at least a VPS, and monitor events from inside the server. regularly.