Guide to WordPress Security and Hardening
This guide outlines various methods for securing a WordPress website. It’s a compilation of best practices I’ve found over the years, and I use it as a reference myself when setting up a new site.
Restrict Access to Sensitive WordPress Files
The following directives block outside access to any wp-config.php, php.ini, php5.ini, readme.html, and error_log files on your site. Add this block of text to the .htaccess file at the root of your WordPress website. Generally the .htaccess file is in the public_html directory.
/home/ACCOUNTNAME/public_html/.htaccess
<FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|error_log)">
Order Allow,Deny
Deny from all
</FilesMatch>
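The Order and Deny directives above are Apache 2.2 syntax; Apache 2.4 only accepts them when mod_access_compat is loaded. The following variant is an added example, not part of the original guide, and assumes the server permits IfModule and authorization directives in .htaccess. It uses the same file pattern and picks the access-control syntax that matches the running server:

```apache
# Same file pattern as above, written to work on both Apache 2.2 and 2.4.
<FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|error_log)">
    # Apache 2.4 and later: mod_authz_core provides "Require".
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: fall back to the older Order/Deny syntax.
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>
```

After saving the file, requesting one of the listed files in a browser (for example /readme.html) should return 403 Forbidden.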