This plug-in is evidently quite complex... I watched all 35 minutes of video and understand there are several things that I could do to break things during configuration.
I have an obscure DB prefix in use already so no need to enable that option.
I won't be changing wp-content since the site is already in use and that option evidently messes things up.
I'm running BuddyPress and bbPress if that's important.
I would like most of the other options available in Better WP Security. The big question though... if the developer abandons the project, gets hit by falling space debris... whatever... and the project no longer advances along with the WP updates, will I be looking at some significant effort to 'put things back the way they were'?
As I noted, there is plenty going on with this plug-in, so I need to be quite confident it isn't going to modify my site to a level that will present a problem for me in the future!