Here are some great codes to insert into your .htaccess file to help with securing your website. Put this in your root folder.
#Disable disable directory browsing Options All -Indexes # Block wp-includes folder and files RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L]
<files wp-config.php> order allow,deny deny from all </files>
This one should go in your wp-content folder.
#Disable Directory Browsing Options All -Indexes # Disable access to all file types except the following Order deny,allow Deny from all <Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar|html)$"> Allow from all </Files>