Disable XML-RPC in WordPress via .htaccess and functions.php
Block WordPress xmlrpc.php at the server level with .htaccess or nginx rules to prevent brute-force and DDoS amplification attacks.
Prevent WordPress username enumeration attacks
Block the ?author=N redirect and disable the REST API users endpoint to prevent attackers from discovering WordPress usernames.
Add HTTP security headers to WordPress via .htaccess
Configure X-Frame-Options, CSP, HSTS and other security headers in .htaccess to protect your WordPress site.
Protect wp-config.php and xmlrpc.php via .htaccess
The wp-config.php file is the single most sensitive file in any WordPress installation. It holds the database hostname, database name, username, and password in plain text alongside the secret authentication keys and salts that sign user session cookies, the database table prefix, and any custom environment constants you have defined. If an attacker reads this…
How to force use HTTPS protocol
Force use HTTPS instead HTTP protocol When site use HTTPS it’s very good. But sometimes site can be available use HTTP protocol. And this moment significantly mess up a generally painting of security. In order to avoid such situations we should be use force open all pages using HTTPS protocol.
How to set login and password for to view a site?
Hide site content from prying eyes Problem: Sometimes we need closed all our site from prying eyes, how we can do it?