As WordPress is constantly evolving, which is great, one also need to stay up to date with security issues with keeping WordPress airtight.
# Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> # BEGIN WordPress
Few simple tips using plugins online:
Authenticate your users with:
Force users to generate stronger passwords with
Take things further by hiding your admin login
Much of the information above was summarized from
More information about