In wordpress you have a wp-config.php file.It has all the details related to wordpress installation like database user and password. And to secure the installation you add the following code in .htaccess file present in root of your wordpress installation:-
order allow,deny
deny from all
WordPress blogs are injected by the hackers. We can protect the wordpress blog from such injection by using following code in wordpress :
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\< |%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
