One part of security is not giving out unnecessary information on the website. Here are two security measures towards that end that I would appreciate in BulletProof Security:
- Hide WordPress core version number in URLs, such as CSS and JS, where it is currently added in the end.
<link rel='stylesheet' id='twentytwelve-style-css' href='http://siteurl/wp-content/themes/twentytwelve/style.css?ver=3.5.1' type='text/css' media='all' />
- Remove all HTML comments from the web pages before sending them to users. Some plugins think it's smart to tell the world in HTML comments which plugins and versions a site is running without even giving an option to disable these.
Both of these pieces of information allow malicious hackers to automatically exploit sites running WP or plugin versions to which they have found exploits to. Not giving out this information would make the sites running BPS less likely to be exploited, especially via automated means.
I've seen some other WP security plugins provide these features, but I'd be happiest to have BPS provide these as an all-in-one security plugin.