Ask HN: What's the minimal WordPress security hardening you'd trust? I’m trying to understand what actually matters in WordPress security beyond checkbox features. Constraints: shared hosting, non-technical site owners, must not break plugins/themes, low overhead. If you had to pick the top 5 controls in a WP security plugin (or server-side), what would you choose and why? Bonus: what features are mostly noise (false positives, bloat, fear-UX), and what’s surprisingly effective? |