Inspired by a burst of intellectual energy (if not a physical one), and by this post, I went through and did the various work still to be done:
- Disallowed crawling by search engines of the blog’s ~/wp-* directories.
- The search.php issue is no longer of concern in the theme I use.
- Made lots of blank home pages in ~/wp-content/plugins directory.
- Removed “<?php bloginfo(‘version’); ?>” from my theme’s header.php file.
- Considering limiting access to wp-admin directories to IP addresses, but need to figure work-based IP addresses.
- Implemented Login Lockdown plugin (after inspecting the source code).
- I already keep up on the version.
- I already take regular backups.
- Already use SSH and SFTP.
- Set .htaccess to block access to wp-config.php.
P.S. Just put a line in my blog’s home directory’s .htaccess file: