Secure your WordPress site
Changes to .htaccess
Add the following lines to your site's .htaccess
file….
<Files ~"^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files> <Files wp-config.php> order allow,deny deny from all </Files> <Files xmlrpc.php> Order Deny,Allow Deny from all </Files> Options -Indexes
Edit your robots.txt f ile
To stop web crawlers and search engines from scanning your WordPress site edit your robots.txt
file to contain the following…
Disallow: /wp*
Move wp-config.php
Move your site's wp-config.php
file out of the WordPress root directory to the directory above. WordPress will still find it but it will be far harder for hackers to find and alter.