@KoolPal
Forked from damiencarbery/htaccess-root.txt
Created February 22, 2020 05:19
Hardening and Caching WordPress - A few .htaccess and wp-config.php changes to harden and speed up your website. These are simple changes that can help protect you - https://www.damiencarbery.com/2019/03/hardening-and-caching-wordpress/
# Block WordPress xmlrpc.php requests.
# ('Deny from all' is the Apache 2.2 access syntax; on Apache 2.4 it only works
# with mod_access_compat loaded, the native equivalent is 'Require all denied'.)
<Files xmlrpc.php>
Deny from all
</Files>
# Block direct access to wp-config.php.
<Files wp-config.php>
Deny from all
</Files>
# Redirect http to https (if applicable to your site).
# Needs mod_rewrite; RewriteEngine On is set in the mod_rewrite block further down.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# GZIP all content.
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>
# Cache different files for different periods:
# - images for 30 days (2592000 seconds)
# - stylesheets for 7 days (604800 seconds)
# - JavaScript files for 1 day (86400 seconds)
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType image/x-icon "access plus 2592000 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType text/css "access plus 604800 seconds"
ExpiresByType text/javascript "access plus 86400 seconds"
ExpiresByType application/x-javascript "access plus 86400 seconds"
</IfModule>
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Prevent execution of PHP files in /wp-content folders.
# Put this in wp-content/.htaccess, not the site root: <Files> applies to the
# directory and everything below it, so at the root it would block index.php.
# Kill PHP Execution
<Files ~ "\.ph(?:p[345]?|t|tml)$">
Deny from all
</Files>
# Block access to debug.log file except for specified IP address.
# <Files> matches a file name only, so the argument must be "debug.log" (this
# lives in wp-content/.htaccess), and the Order must be deny,allow so that the
# Allow line overrides "Deny from all" instead of being overridden by it.
# 123.456.789.101 is a placeholder; replace it with your own address.
<Files debug.log>
Order deny,allow
Deny from all
Allow from 123.456.789.101
</Files>
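The debug.log block only does what its comment promises when the `<Files>` argument is a bare file name and the `Order` directive lets the `Allow` line override `Deny from all`. Below is an added example, not code from the gist or from Damien Carbery's original post: a small Python linter that parses `<Files>` sections with the mod_access_compat `Order` / `Allow from` / `Deny from` directives and reports three mistakes (a path inside `<Files>`, `Order allow,deny` combined with `Deny from all`, and an IPv4 "address" with an octet above 255, i.e. an unreplaced placeholder). The sample inputs are the debug.log block as it circulated in the gist and a corrected version that uses a constructed documentation-range address (203.0.113.7).

```python
"""Lint an Apache .htaccess fragment for access-control mistakes common in
WordPress hardening snippets. Added example, not the gist's code; it parses
only <Files> sections and mod_access_compat Order/Allow/Deny directives."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

FILES_OPEN = re.compile(r'^<Files\s+(~\s*)?"?([^">]+?)"?\s*>$', re.IGNORECASE)
FILES_CLOSE = re.compile(r'^</Files>$', re.IGNORECASE)
ORDER = re.compile(r'^Order\s+(allow,deny|deny,allow)$', re.IGNORECASE)
ACCESS = re.compile(r'^(Allow|Deny)\s+from\s+(.+)$', re.IGNORECASE)
IPV4_SHAPE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')


@dataclass
class FilesSection:
    target: str
    is_regex: bool
    line: int                      # line number of the opening <Files> tag
    order: Optional[str] = None
    allow: List[str] = field(default_factory=list)
    deny: List[str] = field(default_factory=list)


def parse_sections(text: str) -> List[FilesSection]:
    """Collect every <Files> section together with its Order/Allow/Deny lines."""
    sections: List[FilesSection] = []
    current: Optional[FilesSection] = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        opened = FILES_OPEN.match(line)
        if opened:
            current = FilesSection(opened.group(2), opened.group(1) is not None, lineno)
            sections.append(current)
            continue
        if FILES_CLOSE.match(line):
            current = None
            continue
        if current is None:        # directives outside <Files> are out of scope here
            continue
        order = ORDER.match(line)
        if order:
            current.order = order.group(1).lower()
            continue
        access = ACCESS.match(line)
        if access:
            hosts = access.group(2).split()
            (current.allow if access.group(1).lower() == 'allow' else current.deny).extend(hosts)
    return sections


def valid_ipv4(addr: str) -> bool:
    """Dotted quad with every octet in 0..255."""
    return bool(IPV4_SHAPE.match(addr)) and all(int(o) <= 255 for o in addr.split('.'))


def lint(text: str) -> List[str]:
    """Return one human-readable finding per mistake found."""
    findings: List[str] = []
    for s in parse_sections(text):
        # <Files> matches a file name, never a path: a slash means it matches nothing.
        if not s.is_regex and '/' in s.target:
            base = s.target.rsplit('/', 1)[-1]
            findings.append(f"line {s.line}: <Files {s.target}> contains a path; "
                            f"use <Files {base}> in that directory's .htaccess")
        # With Order allow,deny the Deny list wins, so 'Deny from all' locks out
        # every client, including the addresses listed on the Allow line.
        if s.order == 'allow,deny' and any(d.lower() == 'all' for d in s.deny) and s.allow:
            findings.append(f"line {s.line}: Order allow,deny with 'Deny from all' denies "
                            f"everyone, including {', '.join(s.allow)}; use Order deny,allow")
        # Catch unreplaced placeholders such as 123.456.789.101.
        for addr in s.allow + s.deny:
            if IPV4_SHAPE.match(addr) and not valid_ipv4(addr):
                findings.append(f"line {s.line}: {addr} is not a valid IPv4 address")
    return findings


# The debug.log block as it circulated in the gist (copied here as sample input).
GIST_BLOCK = """\
# Block access to debug.log file except for specified IP address.
<Files wp-content/debug.log>
Order allow,deny
Deny from all
Allow from 123.456.789.101
</Files>
"""

# Corrected form; 203.0.113.7 is a constructed documentation-range placeholder.
FIXED_BLOCK = """\
<Files debug.log>
Order deny,allow
Deny from all
Allow from 203.0.113.7
</Files>
"""

if __name__ == '__main__':
    for name, block in (('gist', GIST_BLOCK), ('fixed', FIXED_BLOCK)):
        print(name, lint(block) or ['clean'])
```

Run it against any .htaccess you are about to deploy (`lint(open('.htaccess').read())`); a clean result is not proof the file is safe, only that these three particular mistakes are absent.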
<?php
// Prevent editing of themes and plugins from within Dashboard.
define('DISALLOW_FILE_EDIT', true);

// Enable debug mode for the specified IP address only (123.456.789.101 is a
// placeholder; replace it with your own address). Behind a reverse proxy or
// CDN, REMOTE_ADDR is the proxy's address rather than the visitor's, so this
// check only works where PHP sees the client connection directly. The null
// coalescing fallback keeps wp-cli runs, which have no REMOTE_ADDR, on the
// non-debug branch.
if (($_SERVER['REMOTE_ADDR'] ?? '') === '123.456.789.101') {
    define('WP_DEBUG', true);
    define('WP_DEBUG_LOG', true);      // write errors to wp-content/debug.log
    define('WP_DEBUG_DISPLAY', false); // never render errors into the page
    @ini_set('display_errors', 0);
} else {
    define('WP_DEBUG', false);
}