Note: Before starting this take the backup of your .htaccess file and keep a copy on your PC.
1. Hide wp-config.php file
Securing wp-confiq.php is another way to protect your WordPress. This file contains very sensitive information about WordPress installation like the security keys and the database connection details. To secure this file,
- Open your hosting site and tap on the File manager.
- Then search for .htaccess file and choose Edit.
- Now at the end of the .htaccess code, type the following and tap on Save changes.
<Files wp-config.php> order allow, deny deny from all </Files>
2. Disable PHP execution
Another way to improve WP security is by disabling PHP execution.
- Firstly, create a blank .htaccess file on your PC and type the following command.
<Files *.PHP> deny from all </Files>
- Save this file and then upload it to your /wp-content/uploads and /wp-includes/ directories.
- If you want to hide some other files in your directories, you can use the above commands and modify it accordingly.
