wp-cron.phpを無効化
/* wp-config.php に追記 */
define('DISABLE_WP_CRON', 'true');※wp-cron.phpを無効化した場合、予約投稿や通知機能などが動作しなくなるため、サーバーcronを利用
$ sudo vi /etc/crontab
# 1分ごとにcronを実行
* * * * * apache /usr/bin/php ~/wp-cron.php > /dev/null 2>&1xmlrpc.phpのアクセス制限
# vi ~/.htaccess
<Files xmlrpc.php>
Order deny,allow
Deny from all
</Files>wp-login.phpをアクセス制限
# vi ~/.htaccess
<Files wp-login.php>
Order deny,allow
Deny from all
Allow from xxxx.xxxx.xxxx.xxxx
Allow from xxxx.xxxx.xxxx.xxxx
...
</Files>wp-login.phpにBasic認証を設置
# vi ~/.htaccess
<Files wp-login.php>
AuthType Basic
AuthUserFile ~/.htpasswd
AuthName "Please enter your ID and password"
require valid-user
</Files>wp-comments-post.phpのアクセス制限
# vi ~/.htaccess
<Files wp-comments-post.php>
Order deny,allow
Deny from all
</Files>wp-trackback.phpのアクセス制限
# vi ~/.htaccess
<Files wp-trackback.php>
Order deny,allow
Deny from all
</Files>複数設定例
# vi ~/.htaccess
<Files ~ "^(wp-config|wp-cron|xmlrpc)\.php$">
Order deny,allow
Deny from all
</Files>wp-adminディレクトリ以下(admin-ajax.phpを除く)をアクセス制限
# vi ~/wp-admin/.htaccess
Order deny,allow
Deny from all
Allow from xxxx.xxxx.xxxx.xxxx
Allow from xxxx.xxxx.xxxx.xxxx
...
<Files admin-ajax.php>
Satisfy Any
Order allow,deny
Allow from all
Deny from none
</Files>wp-adminディレクトリ以下(admin-ajax.phpを除く)にBasic認証を設置
# vi ~/wp-admin/.htaccess
AuthType Basic
AuthUserFile ~/.htpasswd
AuthName "Please enter your ID and password"
Require valid-user
<Files admin-ajax.php>
Satisfy Any
Order allow,deny
Allow from all
Deny from none
</Files>wp-config.phpのアクセス制限
# vi ~/.htaccess
<Files wp-config.php>
Order deny,allow
Deny from all
</Files>salt キーの変更
https://api.wordpress.org/secret-key/1.1/salt/
サイト全体のアクセス制限
# vi ~/.htaccess
order allow,deny
allow from all
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx