1. Disable XML-RPC in WordPress
XML-RPC allows you to post to your WordPress blog using popular weblog clients like Windows Live Writer. It is also needed if you use the WordPress mobile app or want to connect to services like IFTTT.
Disable WordPress XML-RPC with .htaccess
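# Block WordPress xmlrpc.php requests
# (replace 123.123.123.123 with the IP address that should keep access)
<Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from 123.123.123.123
</Files>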
2. Disable PHP Execution in Certain WordPress Directories
Create a blank file in a text editor. Call it .htaccess and paste the following code in there:
<Files *.php>
    deny from all
</Files>
Now upload this file to these folders:
1. /wp-content/uploads/
2. /wp-includes/
Code Explanation: This code matches any PHP file in the folder and denies access to it.
3. Disable File Editing
You can easily do this by adding the following code to your wp-config.php file:
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
4. Limit Login Attempts
Use This Plugin: Login LockDown
Better Option: Use a WP security plugin such as iThemes Security (formerly Better WP Security).
5. Disable Directory Indexing and Browsing
Locate the .htaccess file in your website’s root directory, then add the following line at the end of the file:
Options -Indexes
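To confirm that the settings from steps 1, 2, 3 and 5 are really present on disk, the following Python script reads the .htaccess and wp-config.php files and reports each check. It is an added example, not part of the original article; the function names and the sample files built in demo() are constructed for illustration. Commented-out lines are ignored, so a snippet pasted onto a single line behind its own comment is reported as missing.

```python
import re
import tempfile
from pathlib import Path

# Apache 2.2 "deny from all" or the Apache 2.4 equivalent "Require all denied".
DENY = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.I)
EDIT_OFF = re.compile(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)

def active_lines(path):
    """Non-blank lines that are not whole-line comments; [] if the file is missing."""
    if not path.is_file():
        return []
    lines = (l.strip() for l in path.read_text(errors="replace").splitlines())
    return [l for l in lines if l and not l.startswith(("#", "//"))]

def files_block_denies(path, name):
    """True if an uncommented <Files name> block in path contains a deny rule."""
    text = "\n".join(active_lines(path))
    pattern = r"<Files\s+\"?" + re.escape(name) + r"\"?\s*>(.*?)</Files>"
    m = re.search(pattern, text, re.I | re.S)
    return bool(m and DENY.search(m.group(1)))

def audit(root):
    """Check a WordPress root directory for the settings from steps 1, 2, 3 and 5."""
    root = Path(root)
    ht = root / ".htaccess"
    return {
        "xmlrpc_blocked": files_block_denies(ht, "xmlrpc.php"),
        "uploads_php_denied": files_block_denies(root / "wp-content/uploads/.htaccess", "*.php"),
        "includes_php_denied": files_block_denies(root / "wp-includes/.htaccess", "*.php"),
        "file_edit_disabled": any(EDIT_OFF.search(l) for l in active_lines(root / "wp-config.php")),
        "indexes_disabled": any(re.match(r"Options\b.*-Indexes\b", l, re.I) for l in active_lines(ht)),
    }

def demo():
    """Audit a constructed site where two snippets were pasted onto a single line."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content/uploads").mkdir(parents=True)
        # Constructed sample files, not taken from a real site.
        (root / ".htaccess").write_text("# Block xmlrpc.php <Files xmlrpc.php> deny from all </Files>\n"
                                        "Options -Indexes\n")
        (root / "wp-content/uploads/.htaccess").write_text("<Files *.php>\ndeny from all\n</Files>\n")
        (root / "wp-config.php").write_text("<?php\n// Disallow file edit define( 'DISALLOW_FILE_EDIT', true );\n")
        return audit(root)

if __name__ == "__main__":
    for check, ok in demo().items():
        print(("PASS" if ok else "FAIL"), check)
```

This is a static check of the files on disk; it does not confirm that Apache is configured to honor .htaccess files (AllowOverride).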
6. Install Security Plugins
1. iThemes Security (formerly Better WP Security)
2. Wordfence Security – Firewall & Malware Scan