http://sn.1w6.org/file/mk-20140310T063116-xsakxjl.html

@bobjonkman I have several, and they overlap in capabilities, so it needs careful decisions what (not) to use where; I'm using Login Security Solution (rejected pre-installed Limit Login Attempts which has unresolved issues); All In One WordPress Security and Firewall (careful, you can lock yourself out!); Better WP Security; I also did a lot of things manually (first!) going through http://codex.wordpress.org/Hardening_WordPress, and 'moved' wp-config.php outside of webroot using Aaron Adam's solution found in comments here: http://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial . I'm also enforcing SSL for login/registration/admin area and leaving it optional for content using this: http://codex.wordpress.org/Administration_Over_SSL 1/2