Disable Directory Browsing in WordPress
Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file. Learn more about why and how to disable directory browsing in WordPress.
To disable directory browsing in WordPress all you need to do is add this single line in your .htaccess file:
Disable PHP Execution in Some WordPress Directories
Sometimes hacked WordPress sites usually have backdoor files. These backdoor files are often disguised as core WordPress files and are placed in /wp-includes/ or /wp-content/uploads/ folders. An easier way to improve your WordPress security is by disabling PHP execution for some WordPress directories.
Create a blank .htaccess file and paste this code inside it:
deny from all
Now upload this file to your /wp-content/uploads/ and /wp-includes/ directories. For more information check out this tutorial on how to disable PHP execution in certain WordPress directories.
Protect Your WordPress Configuration wp-config.php File
Probably the most important file in your WordPress website’s root directory is wp-config.php file. It contains information about your WordPress database and how to connect to it. To protect your wp-config.php file from unathorized access, simply add this code to your .htaccess file:
order allow,deny deny from all