It would be great if someone would've conducted security tests against built-in SMF security features and 3rd party protection like forum firewall to see how useful they actually are, like we're doing on other non-PHP security products. Twice as great with comparison to other concurrent bulletin boards . The same about Cloudflare security mechanisms, they're flaunting and advertising their protection, but how much does all of it actually works in real world, we don't know. I know that dedicated application firewalls (like from Barracuda) have protected a lot of servers, at least, against SQL attacks, but hard to say how much useful are above mentioned products.