Are default settings sure enough?

If by secure you mean nobody can hack into it, as long as you are updated to the newest version (which you can do automatically if you’d like) yes.

If you want to be 1000% secure instead of 100% you can do a little more such as (if you did quick install) change the default username of admin to something else.

Theres more on this site.

Of course I’d like to be secure 1000% with a little web development knowledge!
Do WP developers deliver by default “highly-secured” tool or should we be a savvy developer to get his own WP website as secure as possible?
If it is only a matter of changing the default admin account, it is easy to attain!
Are you sure that changing the default username will switch the security level up to 1000% instead of 100%?
I’m a little bit doubtful..!

Ok, more like 250% more. That link explains why

Do WP developers deliver by default “highly-secured” tool or should we be a savvy developer to get his own WP website as secure as possible?

Yes. As long as you have downloaded the newest model (which you can do automatically). People are able to hack the older ones, but the WordPress community is so big and active that as soon as new ways to hack it come out new solutions to avoid them come up too. I could be wrong, but I feel like the Drupal and (whatever the other one ) community isn’t as big and passionate about their CMS.

As I said earlier you can automatically have the new wordpress versions update automatically. Even if you don’t there will be a reminder on your screen.

You can also find plugins to be more secure. I had never tried any. But to answer your question, yes, developers deliver a very “highly secured” tool to begin with.

OK, thanks.
By the way, about plugin, could we really trust them? Are they verified and approved by WP developers or they add their plugins, as in a market, and it is up to the user on his own to choose?
I tried a plugin (with more 1 million downloads!) but I lost my WP install, so I’m a little bit skeptical!

The plugin in question is “Better WP Security” !
After I installed it and applied the “recommended” options, I lost the access to my localhost install!

By the way, about plugin, could we really trust them? Are they verified and approved by WP developers or they add their plugins, as in a market, and it is up to the user on his own to choose?
I tried a plugin (with more 1 million downloads!) but I lost my WP install, so I’m a little bit skeptical!

Wow. Thanks for telling me that. I assumed that plugins with enough downloads (about 10k+) are trustable.

U think somebody knew any of your passwords, or you accidentally changed a theme option. Or in other words, what happened to your WP install?

It was down! I can’t access the install folder! So, I removed WP and re-installed WP de nouveau!
Edit: the downloads number was more than 100 000, not 1 000 000 as I said in the previous post.

100k’s still a lot. Hmm…I’m assuming you went to the directory in Cpanel. So was there nothing in that file, or did the file not extend? And you couldn’t press duplicate on the folder and back it up just in case?

@ wpreser — did you look at this page:

https://codex.www.ads-software.com/Hardening_WordPress

Thank you for the link, WPyogi.
I found the following:

Note that wp-config.php can be stored ONE directory level above the WordPress (where wp-includes resides) installation. Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission)

I have this file at 644, have I do it 400 or 440? The website will continue to work?