Three basic things to protect your WordPress site: hide wp-login.php, hide wp-config.php, and protect the wp-content/uploads folder using htaccess.

Three Basic Things

Three basic things that should be present in any WordPress site:

  1. Hide wp-login.php
  2. Hide wp-config.php
  3. Protect the wp-content/uploads folder

Hide wp-login.php

To hide the file “wp-login.php”, use the Rename wp-login.php plugin.

It is easy to use: download it, install it and activate it, then go to WordPress “Settings” > “Permalinks”.

Or open this link (replace yoursite.com with your domain): http://yoursite.com/wp-admin/options-permalink.php

Enter a new name, and save changes.

The “wp-login.php” file name is now changed, and “wp-login.php” will redirect you to an error page. Visit WP Time Login to check:

https://wp-time.com/wp-login.php

Hide wp-config.php

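To hide the file “wp-config.php”, go to your WordPress site folder using FTP, open the file “.htaccess”, and enter this code in it:

# Deny all web requests for wp-config.php.
# Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat,
# otherwise replace the two inner lines with: Require all denied
<files wp-config.php>
order allow,deny
deny from all
</files>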

Where is my “.htaccess” file?
You will find it in your WordPress site folder. It is the first “.htaccess”, in the same folder as the file “wp-config.php” and the folder “wp-admin”.

Protect wp-content/uploads Folder

To protect the folder “wp-content/uploads” we need a new “.htaccess” file inside the folder “wp-content/uploads”. Create a new “.htaccess” file and enter this line inside it:

# Turn off automatic directory listings for this folder
Options -Indexes

You can download this .htaccess file, unzip it, and upload it to the folder “wp-content/uploads”.
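After making the three changes, check them over HTTP from outside, because .htaccess rules are silently ignored when the server's AllowOverride setting does not permit them. The script below is an added example, not code from the original article or the plugin: it requests the three paths and reports whether each protection is working. The function names and the response markers it looks for ("loginform" in the default login page, "Index of /" in Apache's generated listing) are this example's own choices.

```python
import urllib.error
import urllib.request


def http_fetch(url, timeout=10):
    """Fetch url and return (status, body); HTTP errors are results, not exceptions."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")


def login_hidden(status, body):
    # The default login page renders a form with id="loginform"; an error page does not.
    return not (status == 200 and "loginform" in body)


def config_blocked(status, body):
    # With the <files> rule Apache answers 403. An unprotected wp-config.php
    # normally answers 200 with an empty body, so a 200 counts as a failure.
    return status in (403, 404)


def listing_disabled(status, body):
    # Apache's generated directory listing is titled "Index of /path".
    return not (status == 200 and "Index of /" in body)


# (path, label, check) for the three protections described in the article.
CHECKS = [
    ("/wp-login.php", "wp-login.php hidden", login_hidden),
    ("/wp-config.php", "wp-config.php blocked", config_blocked),
    ("/wp-content/uploads/", "uploads listing disabled", listing_disabled),
]


def audit(base_url, fetch=http_fetch):
    """Return {label: True/False} for the three protections on base_url."""
    base = base_url.rstrip("/")
    return {label: check(*fetch(base + path)) for path, label, check in CHECKS}


if __name__ == "__main__":
    import sys
    # Usage: python audit.py http://yoursite.com
    for label, ok in audit(sys.argv[1]).items():
        print("PASS" if ok else "FAIL", label)
```

Run it against your own site after each change; a FAIL on the second or third line with the .htaccess files in place usually means the server is not reading them.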

Enjoy.