7 Steps to Securing your WordPress installation WP Engine automatically does for you

I came across this tutorial back in June of 2013 “10 Steps to Securing Your WordPress Installation” by Fouad Matin http://wp.tutsplus.com/tutorials/10-steps-to-securing-your-wordpress-installation/ (which is now http://code.tutsplus.com/tutorials/10-steps-to-securing-your-wordpress-installation–wp-21579) which provides some quick and easy steps to take to start securing your install.  Reading through it again, I noticed that WP Engine and the newer versions of WordPress do this automatically for you.

1. Remove the “Admin” superuser

WP Engine does not create the “Admin” superuser by default, so there is no account to remove.

2. Choose a strong password

WP Engine automatically installs Force Strong Passwords plugin

3. Limit failed login attempts

WP Engine automatically uses Limit Login Attempts

4. Always update WordPress

WP Engine automatically updates to minor WordPress revisions and automatically updates to major revisions after giving notice.

5. Hide WordPress version

Not feasible.  Even if you try the techniques listed

here: http://code.tutsplus.com/tutorials/10-steps-to-securing-your-wordpress-installation–wp-21579

here: http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/

You should still be able to find the version number with a tool like Secrui.net’s SiteCheck: https://sitecheck.sucuri.net/.

This guy tells you how to do it and then doesn’t even bother himself: http://stanislav.it/wordpress-security-how-to-remove-wordpress-version-number/

6. Backup

WP Engine automatically backs up your site on a daily basis and before and after any updates they perform.  You can manually initiate a snapshot from the my.wpengine.com portal, download a snapshot zip, or request a copy of their offsite backup hosted on Amazon S3.

7. Hide your plugins directory

Nothing there.  see for yourself: https://scottontechnology.com/wp-content/plugins/