I was referencing that correct file permissions, on a dedicated server, with a well-selected user (NOT admin) will do a LONG way in making it safer. Also, putting in the time to shore up the main holes is 100% worth it. Sure, there are holes in it, just like ANY framework. Simply setting it up right helps a ton. My comment is directed to people who just unzip, dump it on a shared GoDaddy server, and wonder why it gets hacked.
Everything that you just mentioned, at best, protects the server environment from Wordpress vulnerabilities -- and that's assuming that a novice could set up a dedicated server as tightly as good hosting companies set up shared hosts.
None of your recommendations do anything to make Wordpress itself any safer, and if the Wordpress db gets compromised (which happened recently to a lot of folks), then you still don't have much of a site left.
