Hardening Wordpress sites

.htaccess

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Protect config
<files wp-config.php>
order allow,deny
deny from all
</files>

#block access to .inc files sitewide
<Files ~ "\.inc$">
  Order allow,deny
  Deny from all
</Files>

#Protect WP Login
 ErrorDocument 401 "Unauthorized Access"
 ErrorDocument 403 "Forbidden"
 <FilesMatch "wp-login.php">
 AuthName "Authorized Access Only"
 AuthType Basic
 AuthUserFile /home/.htpasswd
 require valid-user
 </FilesMatch>

.htaccess-uploads

# htaccess az uploadsmappában

# Kill PHP Execution
<Files ~ "\.ph(?:p[345]?|t|tml)$">
   deny from all
</Files>

wp-config.php

<?php

/* Override of default file permissions */

define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );

/* Define home */

define('WP_HOME','http://SITENAME.XX');
define('WP_SITEURL','http://SITENAME.XX');

/* Set the new content directory instead of wp-contents */

define( 'WP_CONTENT_DIR', dirname( __FILE__ ) . '/assets' );
define( 'WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/assets' );

/* Set the new plugin directory */

define( 'WP_PLUGIN_DIR', dirname(__FILE__) . '/plugins' );
define( 'WP_PLUGIN_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/plugins' );

/* Set the uploads directory */

define('UPLOADS', 'assets/uploads');

/* Disallow file edit*/
define('DISALLOW_FILE_EDIT', true);

/* Auto update core*/
define( 'WP_AUTO_UPDATE_CORE', true );

/* Ennyi volt, kellemes blogolást! */