To add an extra security layer to WordPress, add these lines to the .htaccess file:
    # Block directory listing
    Options +FollowSymLinks -Indexes

    # The RewriteCond/RewriteRule lines below need the rewrite engine enabled
    RewriteEngine On

    # Every condition except the last carries [OR], so any single match blocks the request
    # Block <script> tags (plain or URL-encoded) in the query string
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    # Block scripts that try to change global variables
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Block SQL injections
    RewriteCond %{QUERY_STRING} concat.*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union.*all.*select [NC]
    RewriteRule ^(.*)$ index.php [F,L]

    # Block well-known hackers' utilities by User-Agent
    # (Apache 2.2 access syntax; Apache 2.4 needs mod_access_compat for "deny from")
    SetEnvIf User-Agent "libwww-perl" stayout=1
    SetEnvIf User-Agent "Wget" stayout=1
    deny from env=stayout

    # Block access to sensitive files: wp-config.php and .htaccess
    # (repeat the same <Files> block for readme.html, ru_RU.po, etc.)
    <Files wp-config.php>
    Order Allow,Deny
    Deny from all
    </Files>
    <Files .htaccess>
    Order Allow,Deny
    Deny from all
    </Files>

    # Block WordPress user reveal (?author=N enumeration)
    RewriteCond %{QUERY_STRING} author=\d
    RewriteRule ^ /? [L,R=301]
After that, add these lines to the robots.txt file:
    User-agent: *
    Disallow: /cgi-bin
    Disallow: /wp-login.php
    Disallow: /wp-admin/
    Disallow: /wp-includes/
    Disallow: /wp-content/
    Disallow: /wp-content/plugins/
    Disallow: /wp-content/themes/
    Disallow: /?author=*
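
The query-string rules in the .htaccess above depend on how the RewriteCond lines are chained: mod_rewrite ANDs consecutive conditions unless a line carries [OR]. The Python sketch below is an added example, not part of the original page; it emulates that chaining over constructed query strings and compares the chain with every condition OR-ed to the next against the same chain with [OR] missing from the `_REQUEST` line. The names `rule_fires`, `CONDS_MISSING_OR` and `SAMPLES` are made up for the illustration.

```python
import re

# RewriteCond patterns from the .htaccess above, in file order.
# Flags: NC = case-insensitive, OR = OR-ed with the next condition (default: AND).
CONDS = [
    (r"(<|%3C)([^s]*s)+cript.*(>|%3E)", "NC,OR"),
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", "OR"),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", "OR"),
    (r"concat.*\(", "NC,OR"),
    (r"union.*select.*\(", "NC,OR"),
    (r"union.*all.*select", "NC"),
]

# Same chain with the [OR] dropped from the _REQUEST line (index 2).
CONDS_MISSING_OR = [(p, "" if i == 2 else f) for i, (p, f) in enumerate(CONDS)]


def rule_fires(query_string, conds=CONDS):
    """Emulate mod_rewrite: OR-flagged conditions form groups, groups are AND-ed."""
    group_hit = False
    for pattern, flags in conds:
        flag_set = set(filter(None, flags.split(",")))
        re_flags = re.IGNORECASE if "NC" in flag_set else 0
        group_hit = group_hit or re.search(pattern, query_string, re_flags) is not None
        if "OR" not in flag_set:          # this condition ends an OR-group
            if not group_hit:
                return False              # one failed group stops the RewriteRule
            group_hit = False
    return True


# Constructed query strings (raw, as %{QUERY_STRING} sees them: not URL-decoded).
SAMPLES = {
    "page=2&orderby=date": "ordinary request",
    "q=%3Cscript%3Ex%3C/script%3E": "script tag in query",
    "id=1+UNION+ALL+SELECT+1,2": "SQL keywords in query",
    "s=credit+union+for+all+select+members": "benign search text",
}

if __name__ == "__main__":
    for qs, label in SAMPLES.items():
        print(f"{label:24} full chain: {rule_fires(qs)!s:5} "
              f"missing [OR]: {rule_fires(qs, CONDS_MISSING_OR)}")
```

With one [OR] missing, none of the samples is blocked, because the request would have to match both halves of the chain at once. The last sample shows a benign search phrase matching `union.*all.*select`, so rules like these should be checked against real traffic before they are enforced.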