Do not pay attention to the security of WordPress's website until a problem occurs on your website, then before the problem occurs, you can strengthen the security of your website even more.
1 – XML-RPC Issue, 2 – Directory Listing Issue, 3 – Internal Path Disclosure, 4 – Server Signature, 5 – SQL Injection , 6 – Clickjacking, 7 – WordPress Version, 8 – Login URL, 9 – Robot.txt Disclosure, 10 – 2FA Unavailability,
Its full name is XML Remote Procedure Call, it is a way to establish Remote Connection from WordPress website, But through this DDos attack can be done on your WordPress website, so do not use WordPress app and turn off XML-RPC,
1 – First of all, you enter yourdomain.com/xmlrpc.php in the URL of your website and press Enter, 2 - If it is on then turn it off, 3 - To close, paste the code given below in the htaccess file, 4 - If you are using Rank Math Plugin then first click on rankmath and click on General Settings, and then click on edit htaccess
If your website has this problem or you say that if someone can see the files of your website, then your website is not secure, your website is Vulnerable, Solution – To solve this problem, you have to paste the following code in the htaccess file,
Solution – Using Security Plugin, (wordfence) Update Themes, Plugins, WordPress, update php, Do not use Nulled Plugin, Themes, Use Firewall, Keep a backup of the site.