1. Add code to htaccess file
Options All -Indexes
2. Add code to php.ini
disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
expose_php = "off"
3. Using plugin WP Hide web security
Link plugin download downloads.wordpress.org/plugin/wp-hide-security-enhancer.2.5.6.zip