For RW, SiteLok rules by a mile. I have not found Joe’s stacks for SiteLok very helpful. Basically, you want to lock out unauthorized users. SiteLok is bulletproof here.
If you want to set up an industrial strength membership/subscription site, put a WordPress site on top of your RapidWeaver site, and use one of the industrial strength membership management plugins for WordPress. Use the WordPress site to handle all of the member/subscription management functions, blogs, and bulletin boards. Provide links down to you RW site.
When you use WordPress, be sure to install Elementor and Elementor Pro plugins. These are the best visual editing plugins.
The best of these are PaidMember Pro, Restrict Content Pro, and Member Mouse. All of these require you to have plugins to access the banking system. The plugins of choice here are Stripe and Woocommerce. And, if you are collecting money, do not forget to obtain an SSL certificate.
Two best plugins for learning management systems are LifterLMS and LearnDash.
Two best themes for learning management systems (LMS) are Elumine and Astra. Astra has an integration for LifterLMS. Elumine comes with an integration for LearnDash.
Last thing I might mention is that WordPress is a total kluge for content development. I do that in RW and then move the content over to WP or link to warehouse files from RW. Unlike RW, WP also requires that your video be located in Vimeo or Youtube. In RW, your media files can be located in Resources.
The key thing here is that WP stuff is coded in PHP. PHP executes before HTML. Consequently, PHP security code has priority over HTML code, and it is therefore inherently more secure.