Ask HN: What's the minimal WordPress security hardening you'd trust?
I’m trying to understand what actually matters in WordPress security beyond checkbox features.
Constraints: shared hosting, non-technical site owners, must not break plugins/themes, low overhead.
If you had to pick the top 5 controls in a WP security plugin (or server-side), what would you choose and why?
Bonus: what features are mostly noise (false positives, bloat, fear-UX), and what’s surprisingly effective? I do not doubt there will be help here, but I would suggest posting this to the WP subreddit at https://old.reddit.com/r/Wordpress/ A ton of experience and knowledge is there.