====== Secure your WordPress site ======

===== Changes to .htaccess =====
Add the following lines to your site's ''.htaccess'' file....
<code>

<Files ~"^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

<Files wp-config.php>
order allow,deny
deny from all
</Files>

<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

Options -Indexes

</code>
==== Edit your robots.txt f ile ====
To stop web crawlers and search engines from scanning your WordPress site edit your ''robots.txt'' file to contain the following...

<code>
Disallow: /wp*
</code>
=== Move wp-config.php ===
Move your site's ''wp-config.php'' file out of the WordPress root directory to the directory above. WordPress will still find it but it will be far harder for hackers to find and alter.