Securing WordPress Blog
General recommendations
- Use the latest stable version of WordPress
- Rename the “admin” user (using an SQL query)
- Use strong passwords (mixed-case letters, numbers, special characters)
- Do not use the “wp_” table prefix in your WordPress database
Secure wp-content folder
.htaccess file:
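# Deny everything in wp-content by default (Apache 2.2 access-control syntax)
Order Allow,Deny
Deny from all
# Re-allow only static file types; the dot is escaped so it matches a literal "."
<Files ~ "\.(css|jpe?g|png|gif|js|doc|pdf)$">
Allow from all
</Files>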
Secure wp-admin folder
.htaccess file:
# Deny by default, then allow only the listed administrator IP addresses
Order deny,allow
Deny from all
Allow from my.ip.addr.ess1 my.ip.addr.ess2
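Both .htaccess files above use the Apache 2.2 Order/Allow/Deny directives, which Apache 2.4 only honours through mod_access_compat. The block below is an added example, not part of the original post, showing the same two rules in native 2.4 syntax; the IP addresses are documentation placeholders, and the commented-out admin-ajax.php exception is an assumption for sites whose themes or plugins call that endpoint from the front end.

```apache
# --- wp-content/.htaccess (Apache 2.4, mod_authz_core) ---
# Deny everything by default.
Require all denied

# Re-allow only the static file types from the original rule.
<FilesMatch "\.(css|jpe?g|png|gif|js|doc|pdf)$">
    Require all granted
</FilesMatch>


# --- wp-admin/.htaccess (Apache 2.4, mod_authz_core) ---
# Only the listed addresses may reach the admin area; everyone else gets 403.
# 192.0.2.10 and 198.51.100.20 are placeholders: substitute your own IPs.
Require ip 192.0.2.10 198.51.100.20

# Assumption, not in the original post: front-end features that post to
# admin-ajax.php break for visitors once wp-admin is IP-restricted.
# Uncomment to leave that single endpoint reachable.
#<Files "admin-ajax.php">
#    Require all granted
#</Files>
```

Require directives in an .htaccess file only take effect when the enclosing server configuration sets AllowOverride AuthConfig (or All) for that directory.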