Per a fer més segur el teu WordPress, sense plugins, pots editar alguns arxius fàcilment.
Afegir aquestes línies al wp-config.php:
define( 'FORCE_SSL_ADMIN', true );
define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_MODS', true );
define( 'DISALLOW_UNFILTERED_HTML', true );
Aquestes línies en el .htaccess:
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
<FilesMatch "^(xmlrpc\.php)">
Order Deny,Allow
Deny from all
</FilesMatch>
<Files ~ "^.*\.([Hh][Tt][Aa])">
Order Allow,Deny
Deny from all
Satisfy all
</Files>
<Directory /wp-content/uploads/>
<Files *.php>
deny from all
</Files>
</Directory>