It is irrevocably true that security is the main thing you must pay attention to when you are using WordPress. Still, to optimize other features is also important. Well, let’s go further about how to secure and optimize your WordPress.
First off, since the files stored in the /wp-admin/ folder is so sensitive since the blog lets the folder open and unfortunately people who access this folder can do something with them, you can secure the directory by placing a .htaccess file in the folder to block access to all IP addresses but yours. Below is the code you must place info the .htaccess file:
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Example Access Control" AuthType Basic <limit GET> order deny,allow deny from all allow from xx.xx.xx.xx allow from xx.xx.xxx.xx </limit>
Secondly, hiding your plugins can be necessary because it prevents the bug and vulnerabilities that come with the plugin from damaging your site. So, to avoid other people from learning the plugins you are using, you can simply create an empty index.html file and place your plugins there. This will be much safer.
Thirdly, to keep up with patches and updates are important. Actually, by keeping your WordPress updated, there will be less things to worry, you are suggested to subscribing to the WordPress Development Blog. Also, deleting the meta tag on the header of your website is also vital since it may reveal your WordPress version. It is suggested for you to apply the latest version of WordPress for your site.
Furthermore, to secure your WordPress from hacker, then it will be a good step for you to change the default Admin Account user from “admin.” The solution is by creating a WordPress user admin with admin privileges through the administration interface. Afterward, you should log out from your site and log back by using you new user, then make sure to delete the admin user. Take a note that new admin user must be different than your normal post author.