Have you heard about new vulnerabilities in WordPress plugins: Ultimate Addons for Elementor and Ultimate Addons for Beaver Builder? Those vulnerability under certain conditions allows you to log in as any registered user without a password. If it succeeds in logging in under the administrator account, then the attacker will have full control over the site.
And the firewall deploying system been updated too. A little, this week. So now it also can automatically detect that your WordPress installed in sub-folder /cms/ and several others most popular sub-folder’ names and deploys there automatically too. These means more sense of calm for you, ‘cos won’t find yourself asking for help to enable the firewall in such cases.