Just sent you a PM hoping to help!
Here are my site install notes, so they're a bit rough and ready. Proceed with caution, as some of these techniques can break your site, so do one at a time.

Files to remove:
  Root - License, Readme.html

Rename:
  Root - wp-login.php (may cause issues, requires testing, especially in MU sites)
  wp-admin - install.php (or delete as case may be)

Database prefix - rename using phpMyAdmin and reflect in wp-config.php

Disable default admin account by renaming to an obscure non-guessable account.

.htaccess
  Root:
    Turn off indexes (if not enabled at server level)
    Disable . directories and file access
    Deny access to wp-config or move to non-public structure (-1 from root)
    Additional deny access to readme files (if not deleting), php.ini, error logs (wildcard), standard WP includes files
    Disable hotlinking
  wp-admin:
    Enable IP restriction on wp-admin with fixed IP clients or set up Apache folder password (can also be applied in root to wp-login)
  wp-content:
    Enable safe extensions via whitelisting
  Set .htaccess to 444 (won't work with all hosts)

Server:
  Enable cookie authentication (PHP 5)
  Disable indexes
  Disable PHP handlers to open (if not done in .htaccess; caution, may break functionality)

Plug-ins:
  Wordfence Security (caution when using shared hosting, RAM hog if not configured)
  Login Security Solution
  Use in conjunction with a meta stripper function (CSD Core).

Set file permissions to 644 for files and 755 for folders.

Additional security can be had from Perishable Press's Blacklist; requires extensive testing before production level.
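Since the notes advise applying one change at a time, a read-only check run after each step shows what is still outstanding. The script below is an added example, not part of the original post. The function name `wp_audit`, the finding labels and the text-matching of `.htaccess` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a WordPress tree against the checklist above.
# Prints one finding per line; no output means every check passed.
# The .htaccess checks are plain-text heuristics (assumption): a rule set at
# server level, or written differently, will not be seen.
# Usage after sourcing this file: wp_audit /path/to/site   (path is an example)

wp_audit() {
    root=$1
    ht="$root/.htaccess"

    # Shipped files the notes remove, rename or delete (stock WordPress names).
    for f in license.txt readme.html wp-admin/install.php; do
        if [ -e "$root/$f" ]; then echo "PRESENT $f"; fi
    done

    if [ -f "$root/wp-config.php" ]; then
        # Default table prefix still in use.
        if grep -q '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' \
            "$root/wp-config.php"; then
            echo "PREFIX default wp_ table prefix"
        fi
        # Config sits in the web root and no .htaccess rule names it.
        if ! grep -qs 'wp-config' "$ht"; then
            echo "EXPOSED wp-config.php has no deny rule in .htaccess"
        fi
    fi

    # Directory listings not switched off in the root .htaccess.
    if ! grep -Eqis '^[[:space:]]*Options[[:space:]].*-Indexes' "$ht"; then
        echo "INDEXES no 'Options -Indexes' in root .htaccess"
    fi

    # Permissions: 644 for files, 755 for folders, 444 for .htaccess files.
    find "$root" -type f ! -name .htaccess ! -perm 644 | sed 's/^/MODE file not 644: /'
    find "$root" -type d ! -perm 755 | sed 's/^/MODE dir not 755: /'
    find "$root" -type f -name .htaccess ! -perm 444 | sed 's/^/MODE .htaccess not 444: /'
    return 0
}
```

A missing root `.htaccess` is reported as both EXPOSED and INDEXES, which is expected on hosts where those rules live in the server configuration instead.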