Most WordPress themes treat security as an afterthought. A plugin here, a plugin there, and suddenly you have fifteen moving parts that all need updating and any one of them can get you hacked.
Cyberdream BBS takes a different approach. Most security is built directly into the theme. No security plugins needed. In order to avoid additional potential attack vectors.
Out of the box you get XML-RPC disabled, REST API locked down for unauthenticated visitors, version strings stripped from all assets so fingerprinting is harder, Content Security Policy headers, brute force login protection (rate limiting) with configurable limits, and author archives that reveal nothing about your login credentials.
The brute force protection alone is worth mentioning – it tracks failed login attempts per IP and locks them out automatically. You configure the limits yourself directly in the WordPress Customizer. How many attempts before lockout. How long the lockout lasts. Or turn it off completely if you want.
On top of that the theme ships with a full security guide covering HTTP Basic Auth on wp-login.php, Cloudflare setup, fail2ban for VPS users, PHP version management and the single most important piece of advice anyone can give about WordPress – keep your plugin count as close to zero as possible.
Seven built-in color schemes, a fully custom color scheme builder, BBS-style comment system and a retro terminal aesthetic inspired by Tales from the Loop and some classic Amiga software.
Open source. GPL-2.0. Available at github.com/cyb-sweden/cyberdream-bbs.