PROTEGENDO SEU SITE WORDPRESS

Aqui seguem algumas ações para melhorar a proteção do seu site WordPress contra vulnerabilidades e ataques.

Permissões de pastas e arquivos

Arquivo index.php padrão do WordPress

				
					<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * Reference copy for integrity checks: this listing contains exactly two
 * statements (one define, one require).
 * NOTE(review): if a deployed index.php holds anything beyond them, compare it
 * with the file shipped in the matching WordPress release before trusting it.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define( 'WP_USE_THEMES', true );

/** Loads the WordPress Environment and Template */
// __DIR__ anchors the path to this file's own directory, so the include does
// not depend on the current working directory or on include_path.
require __DIR__ . '/wp-blog-header.php';
				
			

Arquivo .htaccess padrão do WordPress

				
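					# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# Protection for wp-config.php: refuse every HTTP request for the file, which
# holds the database credentials and the authentication keys.
# Keep this section outside the BEGIN/END WordPress markers, because WordPress
# may rewrite whatever sits between them.
# Type the file name with a plain ASCII hyphen. An invisible soft hyphen
# (U+00AD) picked up when copying from a web page makes the section match
# nothing and leaves the file unprotected without any error.
# After deploying, request /wp-config.php in a browser and confirm a 403.
<Files "wp-config.php">
    # Apache 2.4 and later (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>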
				
			

Chaves de autenticação e salts do wp-config.php

				
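					// Authentication keys and salts: the values below are placeholders only.
// Never reuse values printed on a web page, in a tutorial or in a repository:
// WordPress uses these constants when signing login cookies and nonces, so
// values known to others weaken that protection.
// Generate a fresh set for each site, for example with the official generator
// at https://api.wordpress.org/secret-key/1.1/salt/ and paste it over these
// eight lines. Each value should be a different long random string.
// Replacing the values later invalidates existing login cookies, so every
// user has to sign in again; that also makes rotation a useful step after a
// suspected compromise.
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');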
				
			

robots.txt

				
					# robots.txt is advisory and publicly readable: it asks well-behaved crawlers
# to skip the paths below but blocks no request, and it tells any reader which
# paths exist. It is not an access control. If wp-login.php, xmlrpc.php or
# /wp-admin/ need protecting, restrict them at the web server or in WordPress.
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-login.php
Disallow: /wp-signup.php
Disallow: /xmlrpc.php
Disallow: /feed/
Disallow: /trackback/
Disallow: /?s=  # Internal searches
Disallow: /search/
Disallow: */embed/
Disallow: */comments/feed/

# Allow indexing of uploads (images, PDFs, etc.)
Allow: /wp-content/uploads/

# Yoast SEO sitemap URL (seusite.com is a placeholder; use your own domain)
Sitemap: https://seusite.com/sitemap_index.xml