It is several months trying to figure out WordPress self-hosting.
There is always a problem. Secure yourself too much and you end up knocking a door which you locked yourself.
Searching all the net but there is no step by step instructions on security. There are so many options but so little help.
The point is wordpress.com CMS is good enough for blog on a website enclosed by hard coded secure place but not as an independent CMS.
What I have discovered is that wordpress can be manipulated with right commands from the browser sings to command far more than an average user can make a system dance from Linux terminal.
It is a window95 type version of CMS.
It appears that all the experience of past four years with word press is wasted as it can not survive in open ocean of deepweb without commercial software. So much from the free wordpress.com.
WordPress.com uses security software at server level which are not available to an average user. Some of these additions/plugins/security measure are available at a price and my guess is that is a part of financing the project of blogging.
But real security wordpress.com ensure is from its server configuration not from wordpress.com CMS which is mostly stupid stuff for an average user.
May be it is time to move on to something better like Joomla. But is that really better?
Presently after or really with the labyrinth, self-hosted websites are accessible from public but I can not write or add anything.
So much for user friendliness. But that word is always an euphemism for inviting people to fall into trap. Sorry no trap. This is how technical stuff is sold.
Great! A new challenge.
Maybe I need to learn to write .htaccess file myself. This seems to be some help: http://moz.com/blog/the-definitive-guide-to-wordpress-security.