Guide to WordPress Security and Hardening
This guide outlines various methods for securing a WordPress website. It’s a compilation of Best Practices I’ve found over the years, and I use it as a reference myself when setting up a new site.
Restrict Access to Sensitive WordPress Files
The following directives will block outside access to any wp-config.php, php.ini, php5.ini, readme.html, and error_log file on your site. Just add this block of text to your .htacess file at the root of your WordPress website. Generally the .htaccess file is in the Public_HTML directory.
Deny from all