Morning Crunchy!
I haven't turned mine on. Have had this VPS over a year, would turning that on cause any rebuild issues? Is it obvious in WHM? I have found my way around WHM fairly well up to now.
I don't see why it would cause any rebuild issues. Personally I monitor for updates and install them manually and have never had any problems at all. They use a shell script to install, no 'make' or './config' or anything.
In WHM click on Plugins, then click on ConfigServer Security & Firewall. If there is an update available it will show on this screen in the Update section; there will even be a button right there you can click to install the upgrade. To enable auto-updates click the Firewall Configuration button and the third option down is it. Reading the section for it says that it will create a cron job that runs daily to install updates then restart the services.
Are these installed by default or did you install yourself (well, other than CSF)?
When I got my latest VPS CSF was pre-installed on it right from KH.
Also, I use WordPress and noticed some of my security plugins are a bit dated. After some research I have decided that Wordfence and Best WP Security are probably the best options for me. Do you have any experience with either? I have read that there are no known issues with using both on a site, but was particularly concerned about the bandwidth usage of the Wordfence scans, especially if I have that plugin on a number of sites in the same VPS. I am also particularly interested in being able to block foreign countries since the vast majority of my port scans and such come from outside the US and my sites are locally oriented. I am thinking this feature might actually save me significant bandwidth.
I do not have any experience with any WordPress security plugins whatsoever. If you are concerned about bandwidth I would suggest installing them onto just one site and then monitoring it to see just how much of an increase you see. Although I just ran a quick search and turned this up in their FAQ: "Wordfence scans do not consume large amounts of your precious bandwidth because all scans happen on your web server which makes them very fast." So perhaps all your worry is for naught.
CSF can be configured to block based on country code, although it looks like it will consume quite a bit of overhead, as iptables rules have to be created for each CIDR listed for that country at maxmind.com and these can become quite large.
Personally what I do is monitor my mod_security log (if you don't run mod_security your normal access logs are fine of course) for blocks that it makes. If I find a bunch of blocks from an abusive IP I will look up the IP and many times will block the whole CIDR myself by editing the file /etc/csf/csf.deny making sure to put "# Do not delete" at the end of the rule.
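The log review described in the last post can be scripted. The following is an added example, not code from anyone in the thread: it counts ModSecurity "Access denied" entries per client in Apache error-log lines and prints candidate `/etc/csf/csf.deny` entries carrying the "do not delete" comment. The log lines are constructed, and the `/24` grouping and the threshold of 3 are assumptions standing in for the manual CIDR lookup.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache error-log style; addresses are RFC 5737
# documentation ranges and the rule id is made up.
SAMPLE_LOG = """\
[Mon Mar 04 10:00:01 2013] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/wp-login.php"]
[Mon Mar 04 10:00:02 2013] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/wp-login.php"]
[Mon Mar 04 10:00:05 2013] [error] [client 203.0.113.19:51544] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/xmlrpc.php"]
[Mon Mar 04 10:00:09 2013] [error] [client 203.0.113.19:51545] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/xmlrpc.php"]
[Mon Mar 04 10:01:00 2013] [error] [client 198.51.100.4] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/"]
[Mon Mar 04 10:02:00 2013] [error] [client 192.0.2.1] File does not exist: /home/user/public_html/favicon.ico
"""

# Matches both "[client 1.2.3.4]" (Apache 2.2) and "[client 1.2.3.4:port]" (2.4).
CLIENT_RE = re.compile(
    r"\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] ModSecurity: Access denied"
)

def count_blocks(log_text):
    """Return a Counter of ModSecurity denials keyed by client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue  # not a ModSecurity block
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # malformed address such as 999.1.1.1
    return hits

def deny_lines(hits, threshold=3, prefix=24):
    """Group clients into networks and format csf.deny entries.

    prefix=24 is an assumption; look up the real allocation before blocking.
    """
    per_net = Counter()
    for ip, n in hits.items():
        per_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += n
    return [
        f"{net} # {n} mod_security blocks - do not delete"
        for net, n in sorted(per_net.items())
        if n >= threshold
    ]

if __name__ == "__main__":
    print("\n".join(deny_lines(count_blocks(SAMPLE_LOG))))
```

Review the printed lines before appending them to `/etc/csf/csf.deny`, then reload the rules with `csf -r`.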