This plugin was recommended to me a year or so ago and I now use it on several WordPress sites. Aside from its security value, it's a useful primer on basic security issues to consider and be aware of with WordPress sites, including things I wouldn't have thought of.
The plugin also does a pretty good job of warning you of settings that have the potential to break your site or interfere with other plugins, so I haven't had any real problems with it. It's best if you're able to add it to a fresh WP install, but I've added it to existing WP sites with minimal conflicts.
The only omission I can think of is that it doesn't currently have a setting to limit admin access to specific IP addresses. While that isn't difficult to add yourself, such a feature would be a nice complement to the (very handy) away mode, which lets you lock down backend access during periods you know you're not going to be around.