We are looking at a dedicated server, we want something fully managed so we don’t have to worry about things like updating PHP and MySQL.
I planed on using all of the options above along with additional server side security options provided by the host such as: Firewall, Anti Spam, Virus Protection, HTTP Intrusion Protection, Server Hardening, Daily Security Audits or scans, Disabled Root FTP Access, etc.
I was also looking into the plugin WP Login Security 2 as an additional security option.
It would seem to me that the reason that WordPress might be considered not as secure as something like Drupal is because of the following 2 reasons:
- WordPress is the most popular CMS so it makes it a bigger target.
- WordPress is very easy to use, so there are more “non-tech” users utilizing the CMS and not properly securing it.