Absolutely! There are certainly some nice WP plugins that will probably do a better job than what we're doing here with modsec. This only protects from brute force attempts on wp-login.php, I'll be adjusting it to also include xmlrpc, but there are lots of other threats that plugins, like tinyShield, will also cover that this will not. I recommend using both if you're able to. But, if you have customers setting up WP sites on your server, at least they'll have some brute force protection whether they install a security plugin using these modsec ruels. I've used a couple Jetpack, Wordfence, and Securi, I'm going to check out tinyShield. Thanks for the recommendation @KH-Jonathan!