[GeneralMaximus]

That's a fair point. I usually spend some time hardening my WordPress installs, and keep all of them updated. I also disable a few features of the WordPress dashboard, including updating WordPress core and installing themes/plugins. I do these tasks from the command line using WP-CLI.

This setup lets me do 99% of my everyday work using the WordPress UI. For the remaining 1%, I can SSH and use the command line. I've had a scare or two in the past, but in general my websites haven't been large enough to be lucrative targets. Maybe someone who's running larger blogs can chime in on the security issues.

If you want a one click solution, DigitalOcean's WordPress droplet has a lot of security stuff pre-configured for you. They even integrate fail2ban with the WordPress login screen, which is something I never even considered of doing.