The eternal dilemma, as they "improve" WordPress with the seemingly infinite new versions and different shades of grey in the admin, do they fix any of this stuff so we don't need dozens of plugins to secure our websites? Specifically, are recent versions of WP (e.g., 3.9.x) vulnerable to bad queries?
For those of us who are not computer programmers, the issue of WordPress security has taken a confusing turn. When I browse the web, I find hundreds of recommendations on how to harden WordPress, but little in the way of info about what is current and what is just legacy stuff that would be a time waster to kludge my way through as a non-expert.
The answer "doesn't hurt, it's a lightweight plugin" doesn't help. Every plugin has a cost. Every tweak to .htaccess takes time out of a person's allotted minutes on the planet -- time we might use to actually write a blog post instead of keeping our blog software running...
Help appreciated. Thanks, MTN