Three basic things to protect your WordPress site: hide wp-login.php, hide wp-config.php, and protect the wp-content/uploads folder using .htaccess.
Three Basic Things
Three basic things that should be present in any WordPress site:
- Hide wp-login.php
- Hide wp-config.php
- Protect wp-content/uploads folder.
Hide wp-login.php
To hide the “wp-login.php” file, use the Rename wp-login.php plugin.
It is easy to use: download it, install it and activate it, then go to WordPress “Settings” > “Permalinks”.
Or open this link (replace yoursite.com with your domain): http://yoursite.com/wp-admin/options-permalink.php
Enter a new name, and save changes.
Now the “wp-login.php” file name is changed, and requests for “wp-login.php” will be redirected to an error page. Visit WP Time Login to check:
https://wp-time.com/wp-login.php
Hide wp-config.php
To hide the “wp-config.php” file, go to your WordPress site folder using FTP and open the “.htaccess” file, then add this code to it:
<files wp-config.php>
order allow,deny
deny from all
</files>
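An added example, not from the original post: the same wp-config.php rule written so that it works on both Apache 2.4 and Apache 2.2. The `order`/`deny` directives above are the 2.2 syntax, which Apache 2.4 accepts only when mod_access_compat is loaded; without that module they cause a server error.

```apache
# Root .htaccess of the WordPress site (added example, not the post's own code).

<Files "wp-config.php">
    # Apache 2.4+: access control is handled by mod_authz_core.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2: mod_authz_core does not exist, so fall back to the
    # older Order/Deny directives used in the original rule.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

With either branch active, a browser request for /wp-config.php should return 403 Forbidden.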
Where is my “.htaccess” file?
You will find it in your WordPress site folder: it is the top-level “.htaccess”, alongside the “wp-config.php” file, the “wp-admin” folder, etc.
Protect wp-content/uploads Folder
To protect the “wp-content/uploads” folder we need a new “.htaccess” file inside it. Create a new “.htaccess” file in “wp-content/uploads” and enter this line inside it:
Options -Indexes
You can download this .htaccess file, unzip it, and upload it to the “wp-content/uploads” folder.
Enjoy.