Secure your WordPress site

Changes to .htaccess

Add the following lines to your site's .htaccess file…. 

<Files ~"^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

<Files wp-config.php>
order allow,deny
deny from all
</Files>

<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

Options -Indexes

Edit your robots.txt f ile

To stop web crawlers and search engines from scanning your WordPress site edit your robots.txt file to contain the following… 

Disallow: /wp*

Move wp-config.php

Move your site's wp-config.php file out of the WordPress root directory to the directory above. WordPress will still find it but it will be far harder for hackers to find and alter.

secure_your_wordpress_site.txt · Last modified: 2020/10/04 09:30 by bgfdsuperadmin
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial 4.0 International


  • Show pagesource
  • Backlinks
  • Recent Changes
  • Media Manager
  • Sitemap