Add a new .htaccess file to directories that include php files, /wp-content/uploads/ and /wp-includes/ directories for example.
Stops hackers from installing backdoors and running their own scripts.
<Files *.php> deny from all </Files>