Comment on Beware New WordPress Security Theat: The WordPress Misinformation Virus by Chris.
The miss information mostly seems to come from people running WordPress that haven’t taken the the time to truly understand it.
I mean, I run an MMORPG and I use WordPress + Woocommerce. I use a custom nginx server that I list on one of my sites, http://zionwp.com/zionx-web-server/
On http://boi-infinity.com which is a website that is more prone to being hacked than any typical business wordpress powered site. Mainly because players also run VPS accounts all over the world that constantly try to find insecure scripts to inject, or they just like to try and hack the site for whatever reason.. Sadly, You can’t hack it.
As I mentioned above, I use the custom nginx server, W3 Total Cache. Disk enhanced for pages, xcache for objects and db cause xcache 4 is just fast. I don’t use minify in W3 Total cache, Instead I use Autoptimize plugin using just css and js minification. Obviously I use WooCommerce and a few addons for it but the main security comes from these 3 plugins..
https://wordpress.org/plugins/wordfence/ The best security plugin I’ve ever found! I have tried them all.. WordFence automaticly blocks bot attacks, or hack attempts that we get from butheads who use VPS servers from all over the world to try and hack us, hack wordpress or our site.
https://wordpress.org/plugins/wp-ban/ I use this to ban IP’s from multiple sign ups, plus it allows me to block various problem forums by just adding *thatspamforum.com and so on.
https://wordpress.org/plugins/stealth-login-page/ changes your admin page.
Bottom line, I’ve spent more than enough time working on the optimization, but we have a donation shop with Woocommerce so I needed a bulletproof setup!
You are free to try and hack if you like. Your visit won’t last long..