我是wordpress的新手，我想通过隐藏非公共资源来提高wordpress多站点的安全性，例如wp admin、wp config等。

我的设置似乎有效，但我不知道这个设置是否会破坏某些功能（核心功能、流行插件等）

我的设置一般都好吗

# Disallow public access php for .htaccess and .htpasswd files
<Files ".ht*">
    Require all denied
</Files>

# Disallow public access for *.php files in upload directory
<Directory "/htdocs/wp-content/uploads/">
   <Files "*.php">
       deny from all
   </Files>
</Directory>

# Disallow public access for... 
<Files "wp-config.php">
   order allow,deny
   deny from all
</Files>

<Files "readme.html">
   order allow,deny
   deny from all
</Files>

<Files "license.html">
   order allow,deny
   deny from all
</Files>

<Files "license.txt">
   order allow,deny
   deny from all
</Files>

# Because we do not use any remote connections to publish on WP
<Files "xmlrpc.php">
  order allow,deny
  deny from all
</Files>

RewriteEngine On
RewriteBase /

# List of ACME company IP Address
SetEnvIf Remote_Addr "^127\\.0\\.0\\."      NETWORK=ACME
SetEnvIf Remote_Addr "^XX\\.XX\\.XX\\.XX$"  NETWORK=ACME
SetEnvIf Remote_Addr "^XX\\.XX\\.XX\\.XX$"  NETWORK=ACME
SetEnvIf Remote_Addr "^XX\\.XX\\.XX\\.XX$"  NETWORK=ACME

# Disallow access to wp-admin and wp-login.php
RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax\\.php$ # allow fo admin-ajax.php
RewriteCond %{ENV:NETWORK} !^ACME$ # allow for ACME
RewriteCond %{SCRIPT_FILENAME} ^(.*)?wp-login\\.php$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin\\/
RewriteRule ^(.*)$ - [R=403,L]

# Block user enumeration
RewriteCond %{REQUEST_URI}  ^/$
RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
RewriteRule ^(.*)$ / [L,R=301]

# Block the include-only files.
# see: http://codex.wordpress.org/Hardening_WordPress (Securing wp-includes)
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
#RewriteRule ^wp-includes/[^/]+\\.php$ - [F,L] # Comment for Multisite
RewriteRule ^wp-includes/js/tinymce/langs/.+\\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

<?php
// Remove unnecessary meta tags
// <meta name="generator" content="WordPress 4.1" />
remove_action(\'wp_head\', \'wp_generator\');

// Disable WordPress Login Hints
function no_wordpress_errors(){
    return \'GET OFF MY LAWN !! RIGHT NOW !!\';
}
add_filter( \'login_errors\', \'no_wordpress_errors\' );

<?php
define(\'DISALLOW_FILE_EDIT\', true);
define(\'DISALLOW_FILE_MODS\', true);