I have just started to build a WP site for my lady so she can share her knowledge with world. FYI I do not uderstand much about writing code, or some of the stuff I read. still I like doing it, and am learning.
I began here, http://masterblogster.com/useful-plugins-to-secure-wordpress-website/ (came across it looking for a particular different plug-in solution), next I read http://codex.wordpress.org/Hardening_WordPress (where I admit I only understood part of it). I also visited some of the links I found in the article, as well as doing a search on the WP site, keyword 'securety'. Net result I am as confused as a bee in a virtual flower shop. I have for example not a clue if some of the plug-ins I found should be all used together, or if they might interfere with one-and-other, or what some of the functions are they offer.
One particular question that comes up is, should I log in to my site (when doing maintenance) over a SSL connection? In that case I need to order a certificate form my ISP.
What i did do is not use the admin login account (and deleted it) setting and created my own with a long password.
At this point I will not have a blog where people can post.
I also installed a pug-in that restricts the amount of log-in attempts and than blocks the log-in for 20 minutes.
I also know about keeping plug-ins and WP up to date.
So is there anybody out there, who could advice me what is best for a non-code-writer-and-novice like me to do in order to protect my site as best as I can from big-bad-wolfs out there? Or an article for folk like me?
We are saying thank you and hope to gain some insight in this complex matter.