Securing WordPress with .htaccess, the code.

Add the security code below to your .htaccess file.

# BEGIN SECURITY

#hide wp-config file

order allow,deny
deny from all

#hide htaccess file

order allow,deny
deny from all

# Block wp-includes folder and files

RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

# Block trace method
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

# END SECURITY