Let’s install an SSL-certificate from Let’s Encrypt for Nginx.
In your WordPress site, there are directories that include PHP files that visitors should never be able to access directly. They are only there for WordPress to function as an application that runs on your server. But because of WordPress’ directory and file structure, they are kind of accessible to the public. All of them …
If you have a static IP address, like from your own VPN, it is very easy to increase your security tremendously. Simply restrict all logins to that IP address.
When it comes to VPNs, there is the choice between PPTP and OpenVPN. PPTP is pretty quick to setup and works out of the box with most (all?) OSes and devices.