Okay, let's go on to the next security task. And to do this, we're going to add some lines to our ht access, or should I say our.ht access, which is a dot file. Where is it? We can't see it. That's because it's a dot file. And we have to go to settings and show hidden files dot files here and save.

And there we can see our ht access.ht access. Again, I said it wrong, and right click and edit that. And here is some lines of code for your WordPress. This should have been written to your ht access by default when you set up your WordPress install. Here are some more lines of code for wordfence plugin. Now what we want to do is in hardening WordPress We have some lines of code that block the include only files.

So this gives you a layer of protection that can be added where scripts are generally not intended to be accessed by the user. So in WP includes that stuff that gets WordPress working, and you don't need users to access any of the files there. What we're doing here is blocking access to files that are in WP includes. So we put that there at the beginning very important, you don't put it within the beginning and ending WordPress tags here. And while we're about it, we can put these lines in to deny access for anyone surfing for the WP config file in WordPress, the WP config file, probably the most important file in the whole of the WordPress install because it contains details of you Your databases name and password and username. So we'll put that in there in the ht access and save changes.

And we go back to the site, test the site's go back to the WordPress back end test the WordPress back end looks like it's all working