These are advanced settings that may be utilized to further strengthen the security of your WordPress site.
Note: These settings block common forms of attacks but they can also block legitimate plugins and themes that rely on the same techniques. When activating the settings below, we recommend enabling them one by one to test that everything on your site is still working as expected.
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
Prevents users from seeing a list of files in a directory when no index file is present.
Disable PHP execution in the Uploads, Plugins and Themes Directories
Enabling these features will prevent malicious scripts from being executed in these directories. If a script is somehow uploaded, trying to access them will result in a 403 error. This will not affect plugin or theme functionality.