The best WordPress security is the one you implement without installing plugins. 🙂
OS level security can protect WordPress better than any plugin.
For example, ModSecurity runs before the request hits PHP, which means the WordPress will not even know that anything happened.
The WordPress security setup
- Keep everything updated. It doesn’t have to be newest wp and plugin version. Minnor updates are even safer.
- Change the login url.
- Install the Wp Bruiser plugin, or something similar.
- Install doLogin security for country block and Google captcha V2 integration on login url.
If you have Woocommerce, forum, or something lile that, you should consider setting up Google captcha v3 all over the website, and please, please, use good Hosting.
Thanks for reading.