- Protect your wp-admin directory with an .htaccess file
- Protect your wp-content/plugins folder with either a blank index.html or an .htaccess file
- Keep your WordPress install up to date by keeping tabs on the WordPress development blog
I was already doing item 1, though I don’t currently handle IP white-listing (that’s an appealing idea). Item 2 was something I didn’t even know to do. When I checked to see if my plugins were listed, they did indeed show up. I have since corrected this issue. Item 3 is a no-brainer.
Matt also suggests removing the WordPress meta tag from your theme’s header.php file (which I have also done). This particular “bonus” tip doesn’t add a whole lot, but it at leasts cuts down on your broadcasting what version of WordPress you have installed.