1. Protect Your WordPress Admin Area

Code:
AuthUserFile /dev/nullAuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx
</LIMIT>
2. Password Protect WordPress Admin Folder

Code:
AuthName "Admins Only"AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any 
</Files>
3. Disable Directory Browsing

Code:
Options -Indexes
4. Disable PHP Execution in Some WordPress Directories

Code:
<Files *.php>deny from all
</Files>
5. Protect Your WordPress Configuration wp-config.php File

Code:
<files wp-config.php>order allow,deny
deny from all
</files>
6. Setting up 301 Redirects Through .htaccess File

Code:
Redirect 301 /oldurl/ http://www.ownsite.com/newurl
Redirect 301 /category/television/ http://www.ownsite.com/category/tv/
7. Ban Suspicious IP Addresses

Code:
<Limit GET POST>order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>
8. Disable Image Hotlinking in WordPress Using .htaccess

Code:
#disable hotlinking of images with forbidden or custom image optionRewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wpbeginner.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$  [NC,F,L]
9. Protect .htaccess From Unauthorized Access

Code:
<files ~ "^.*\.([Hh][Tt][Aa])">order allow,deny
deny from all
satisfy all
</files>
10. Increase File Upload Size in WordPress

Code:
php_value upload_max_filesize 64Mphp_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300
11. Disable Access to XML-RPC File Using .htaccess

Code:
# Block WordPress xmlrpc.php requests<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
12. Blocking Author Scans in WordPress

Code:
# BEGIN block author scansRewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans