From your note about pushing the RAM limit, I take it you’re using a shared account. If you look at my forum postings over the last year you’ll see a lot of soul searching on that topic, and many suggestions to alleviate the problem of triggering the DH resource bot. One of those suggestions is simply to use different server user accounts for each site. It’s slightly inconvenient but might get you over that hump temporarily.
As much as I’d like to think shared space is ideal as a cheap-n-easy solution, the reality is that for any significant site size in terms of code (plugins) or concurrent users, shared space just doesn’t cut it. For your purposes, VPS might be better - but I understand as a hobby host the cost for that can be prohibitive. For myself, with a need to host a number of small sites and a desire to control my own destiny, I went with DreamCompute/cloud where there is no support for the LAMP stack, but on the other hand the cost is much better.
To be clear, we get Cloudflare for free but I think it’s the WAF part that you want which is not free. That was a fairly recent bonus addition to us. It’s only suitable for stable sites that are not undergoing a lot of development, and personally I’m concerned about how it works with dynamic WP sites … what can it really cash aside from assets if the content is always changing?
Related, and not to sound like a shill … WPMU DEV offers CDN hosting when you use their Hummingbird plugin for optimization. So they minimize, compress, and bundle assets, then put them into a CDN to separate traffic from our DH servers. No WAF but it should be as good as Cloudflare. (Being in perpetual development mode I haven’t used it yet. )