Inspired by a burst of intellectual energy (if not a physical one), and by this post, I went through and did the various work still to be done:

1. Disallowed crawling by search engines of the blog’s ~/wp-* directories.
2. The search.php issue is no longer of concern in the theme I use.
3. Made lots of blank home pages in ~/wp-content/plugins directory.
4. Removed “<?php bloginfo(’version’); ?>” from my theme’s header.php file.
5. Considering limiting access to wp-admin directories to IP addresses, but need to figure work-based IP addresses.
6. Implemented Login Lockdown plugin (after inspecting the source code).
7. I already keep up on the version.
8. I already take regular backups.
9. Already use SSH and SFTP.
10. Set .htaccess to block access to wp-config.php.

P.S. Just put a line in my blog’s home directory’s .htaccess file:

Options -Indexes

Tags:   adminNo Comments