Add the following lines to your site's .htaccess file….
<Files ~"^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files> <Files wp-config.php> order allow,deny deny from all </Files> <Files xmlrpc.php> Order Deny,Allow Deny from all </Files> Options -Indexes
To stop web crawlers and search engines from scanning your WordPress site edit your robots.txt file to contain the following…
Disallow: /wp*
Move your site's wp-config.php file out of the WordPress root directory to the directory above. WordPress will still find it but it will be far harder for hackers to find and alter.