I've been active in Internet security since 1982 and have been protecting critical Internet infrastructure since 1986 (remember the Morris worm? it's gotten worse every day since...)
So when I was asked to set up a WordPress site, my first thought was "oh, great, a zillion new attack vectors". I was really happy to find this plugin, and have been a huge fan since.
I've been happily using it for over half a year. So why am I just now writing a review? Simple. The OUTSTANDING support. One day, all of a sudden, it just stopped working. I went through the FAQ, went through the user forums, posted a query, and next thing you know I'm in email conversation with the author.
Not terribly long after that, the problem is resolved. Another plugin did something unpleasant, a change due to an update, and it broke Wordfence. While the other plugin was useful, Wordfence is indispensable, making the call on what to unplug really easy.
I use a couple of other plugins and a decent amount of system and network level protection to lock down the system in addition to using Wordfence, but there are two Wordfence features that I absolutely depend on.
The first is the ability to see what's changed in key files on the site. Not just THAT they've changed, but how they're different from the core WP repository files.
The second is the Live Traffic info. There are lots and lots of "fishing expeditions" out there, people sniffing around assuming that you have a directory structure with folders like "pictures" or "phpadmin" or "private", etc. So they try to open up things that they believe might exist. It fails, which might otherwise go unnoticed, but with Wordfence, I get to see that it happened, and BLOCK THEIR IP ADDRESS.
I depend on Wordfence a lot. Can't say enough good about it. If you're not running it, you should be. Seriously.