7 Steps to Securing your WordPress installation WP Engine automatically does for you
I came across this tutorial back in June of 2013 “10 Steps to Securing Your WordPress Installation” by Fouad Matin http://wp.tutsplus.com/tutorials/10-steps-to-securing-your-wordpress-installation/ (which is now http://code.tutsplus.com/tutorials/10-steps-to-securing-your-wordpress-installation–wp-21579) which provides some quick and easy steps to take to start securing your install. Reading through it again, I noticed that WP Engine and the newer versions of WordPress do this automatically for you.
1. Remove the “Admin” superuser
WP Engine does not create the “Admin” superuser by default, so there is no account to remove.
2. Choose a strong password
WP Engine automatically installs Force Strong Passwords plugin
3. Limit failed login attempts
WP Engine automatically uses Limit Login Attempts
4. Always update WordPress
WP Engine automatically updates to minor WordPress revisions and automatically updates to major revisions after giving notice.
5. Hide WordPress version
Not feasible. Even if you try the techniques listed
You should still be able to find the version number with a tool like Secrui.net’s SiteCheck: https://sitecheck.sucuri.net/.
This guy tells you how to do it and then doesn’t even bother himself: http://stanislav.it/wordpress-security-how-to-remove-wordpress-version-number/
WP Engine automatically backs up your site on a daily basis and before and after any updates they perform. You can manually initiate a snapshot from the my.wpengine.com portal, download a snapshot zip, or request a copy of their offsite backup hosted on Amazon S3.
7. Hide your plugins directory
Nothing there. see for yourself: https://scottontechnology.com/wp-content/plugins/