I recently tweaked a few small things on my various sites, hopefully improving security at least a bit. In case any of you are involved in similar tasks and might be interested, here are a few things I changed.
Previously I had installed self-signed certificates for SSL/TLS use on my site (primarily for admin purposes). This ensures that I have an encrypted connection with my server and do not send my password over the internet in plain text for people to see. I was excited to see that my web host Hawkhost now supports Let’s Encrypt. So, I got new certificates issued by Let’s Encrypt for my sites. Let’s Encrypt certificates are free and easier to manage.
(I noticed that not all images on my sites load successfully over https – I’ll eventually need to make some changes.)
I also now force WordPress logins and admin sessions to occur over SSL/TLS. (Sometimes I forget to use https when logging in.) Check out this page to learn more about it – you basically need to make a change in your wp-config.php file.
While I was in there, I also enabled “DISALLOW_FILE_EDIT” – I don’t use the editor that much anyway.
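For reference, here is what those two wp-config.php changes look like, as an added example rather than code from the original post. It assumes the lines go above the "That's all, stop editing!" comment, and that if a proxy or load balancer terminates TLS in front of the server, that proxy sets the X-Forwarded-Proto header and strips any copy supplied by the client.

```php
<?php
// Added example: wp-config.php settings that force logins/admin over TLS
// and disable the dashboard file editor. Not the original post's code.

// Caveat for hosts where TLS is terminated by a proxy: WordPress then only
// sees plain HTTP and FORCE_SSL_ADMIN would redirect in a loop. Trusting
// X-Forwarded-Proto assumes the proxy sets it and drops client-supplied
// copies; on a plain shared host that talks TLS directly, omit this block.
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] )
     && 'https' === strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ) {
    $_SERVER['HTTPS'] = 'on';
}

// Redirect wp-login.php and everything under /wp-admin/ to https, so the
// password and the authentication cookies never cross the wire in clear text.
define( 'FORCE_SSL_ADMIN', true );

// Remove the theme/plugin editor from the dashboard. Someone who guesses or
// steals an admin login can no longer write PHP to the site through it.
define( 'DISALLOW_FILE_EDIT', true );
```

After saving, open the login page over plain http and confirm it redirects to https rather than looping or showing the form.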
I’m also considering enabling reCAPTCHA or Duo for logins, to protect against people/robots trying to guess my password, log in, and do who knows what. From my logs, I can see tons of malicious login attempts and it’s sad to say that’s pretty common behavior on the internet.