A few .htaccess and wp-config.php changes to harden and speed up your website. These are simple changes that can help protect you.
Everyone wants their website to be fast and free from hacks, and prevention (of a hack) is better than the cure.
The WordPress Codex has a lengthy article about hardening your WordPress installation. Some of its suggestions are incorporated in the code snippets below.
In wp-config.php I disable file editing so there won’t be a ‘Theme Editor’ menu option under ‘Appearance’ or a ‘Plugin Editor’ menu option under ‘Plugins’. I think that editing files from within the Dashboard is dangerous. If you make a mistake, even something as simple as a syntax error, you could render the Dashboard inaccessible and your site would be down. I realise that WordPress 4.9 introduced a warning when editing a theme or plugin, and that it prevents saving changes if they generate a syntax error. Even with this protection, editing files within the Dashboard is still a bad idea.
Prevent PHP file execution in wp-content area
Themes and plugins are the number 1 area that hackers try to exploit. While theme and plugin developers are well intentioned, they may simply not know how to protect their code from being exploited.
Disallowing PHP file execution in the wp-content area can be quite an effective way to stop a hacker, even if they have managed to exploit a vulnerability and perhaps uploaded a web shell.
Caching, compression and more security
The code for the .htaccess file in the root directory blocks direct access to the wp-config.php file and to PHP include files (in wp-admin/includes and wp-includes).
It also blocks XML-RPC access, though you may have to remove this section if a plugin or service needs it, e.g. Jetpack.
It is also worth changing the file permissions on the wp-config.php and .htaccess files to make them read-only. This will prevent PHP scripts from writing to the files.
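One way to check that the changes described above are actually in place, as an added example rather than code from the original post. It assumes Apache `<Files>`/`<FilesMatch>` deny rules and the WordPress constant `DISALLOW_FILE_EDIT`; the function names and the sample path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress tree for the
# hardening steps described above. The .htaccess checks are text heuristics,
# not an Apache config parser. Usage: sh audit.sh /var/www/html  (example path)

# True if FILE has a <Files>/<FilesMatch> block naming PATTERN that denies access.
block_denies() {
    sed -n "/<Files.*$2/,/<\/Files/p" "$1" 2>/dev/null |
        grep -Eiq 'Require[[:space:]]+all[[:space:]]+denied|Deny[[:space:]]+from[[:space:]]+all'
}

# True if any write bit (owner, group or other) is set on FILE.
has_write_bit() {
    case "$(ls -ld "$1" 2>/dev/null | cut -c2-10)" in *w*) return 0 ;; esac
    return 1
}

flag() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

# Prints one line per gap; returns 0 only when nothing is flagged.
audit_wp() {
    root=$1
    findings=0
    # Theme/Plugin editor must be switched off in wp-config.php.
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
        "$root/wp-config.php" 2>/dev/null ||
        flag "wp-config.php: DISALLOW_FILE_EDIT is not set to true"
    # An uploaded web shell must not be executable from wp-content.
    block_denies "$root/wp-content/.htaccess" 'php' ||
        flag "wp-content/.htaccess: no rule denying access to PHP files"
    block_denies "$root/.htaccess" 'wp-config\.php' ||
        flag ".htaccess: no rule denying access to wp-config.php"
    # XML-RPC may be needed by Jetpack and similar, so this is a note only.
    block_denies "$root/.htaccess" 'xmlrpc\.php' ||
        printf 'NOTE: xmlrpc.php is not blocked (expected if a plugin needs it)\n'
    # Both files should be read-only so PHP scripts cannot rewrite them.
    for f in wp-config.php .htaccess; do
        if has_write_bit "$root/$f"; then flag "$f: write permission bits are set"; fi
    done
    [ "$findings" -eq 0 ]
}

if [ $# -gt 0 ]; then audit_wp "$1"; fi
```

The non-zero exit status when anything is flagged makes it usable from a cron job or a deployment check.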
Login form protection
I use the WPS Hide Login plugin to change the URL of my site’s login form. When you set it up you should ensure that you do not have any login links on other pages of your site!!