Apache goodies for WordPress security
The list of things to do to harden a WordPress site with Apache is long, but some things that could be done include: FileETag None <Files wp-config.php> Require all denied </Files> <Files xmlrpc.php> Require all denied </Files> <LocationMatch “/wp-content/uploads/.*(?i)\.php$”> Require all denied </LocationMatch>