When websites are hacked, lines of code are typically injected into existing files through the WordPress admin. If you become the unfortunate victim of a hack, you can still prevent the most common attacks by preventing anyone from editing your files – your last line of defense when the worst happens. The method is pretty straightforward:
1. Add a line of code to your functions.php file.
2. Your files can no longer be edited unless someone accesses your files via FTP.
3. If you ever need to edit your files again through the WordPress admin instead of FTP, simply remove the line of code you added in Step #1 through your FTP.
Here is that line of code:
Remember: The line of code should be added at the end of your functions.php file.