Securing WordPress with .htaccess, the code.
Add the security code below to your .htaccess file.
# BEGIN SECURITY
#hide wp-config file
order allow,deny
deny from all
#hide htaccess file
order allow,deny
deny from all
# Block wp-includes folder and files
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
# Block trace method
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
# END SECURITY