This week I put the last of the security tweaks in place since I've changed hosts. WordPress is such a huge target because so many sites are built with it. For me me there are two plugins that get installed as soon as I install a site. They are...
Login Security Solution and Google Authenticator. Login Security Solution enforces password changes but more importantly monitors failed login attempts. By these attempts it can adjust the fail rate to slow down and block these failures.
Google Authenticator provides 2-factor authentication. Security is increased because now it's not enough for someone to steal your password and hack your account. They would also need the rolling code to be entered in order to get access.
Installing tose 2 plugins will go along way in securing access to your site.
In addition to these two, I also installed and configured Bulletproof Security and Wordfence. Each of these add additional security tweaks to deny access and changes to let folders and files.
What about you? Have you taken the time to secure your install?Reg Ervin