To be able to add new security layer in WordPress add those lines in the .htaccess file:
#Block directory listing
Options +FollowSymLinks -Indexes
#Block URLS with base64 encoding
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
#Block scripts that try to change global variables
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
#Block SQL injections
RewriteCond %{query_string} concat.*\( [NC,OR]
RewriteCond %{query_string} union.*select.*\([NC,OR]
RewriteCond %{query_string} union.*all.*select [NC]
RewriteRule ^(.*)$ index.php [F,L]
#Block well-known hackers' utilities
SetEnvIf user-agent "libwww-perl" stayout=1
SetEnvIf user-agent "Wget" stayout=1
deny from env=stayout
#Block access to sensitive files wp-config.php, .htaccess, readme.html and ru_RU.po, etc.
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
#Block WordPress user reveal
RewriteCond %{QUERY_STRING} author=\d
RewriteRule ^ /? [L,R=301]
After that add those lines of code in robots.txt file
User-agent: * Disallow: /cgi-bin Disallow: /wp-login.php Disallow: /wp-admin/ Disallow: /wp-includes/ Disallow: /wp-content/ Disallow: /wp-content/plugins/ Disallow: /wp-content/themes/ Disallow: /?author=*