Sensitive files that should be locked include configuration files, such as wp-config.php, which contains configuration files, such as wp-config.php, which contain critical information such as database critical information such as the database path and login credentials. In addition, backup files are considered sensitive, as they contain all the site’s information. Sensitive file extensions include .md sensitive files include .md, .exe, .sh, .bak, .inc, .pot, .po, .mo, .log and .sql because they store data or reveal information about the structure and structure and configuration of the site. The importance of blocking these files and extensions is to prevent possible attacks, because attackers can exploit these files to attackers can exploit these files to gain unauthorized access, execute malicious code, expose access, execute malicious code, expose sensitive information or discover vulnerabilities on the website. Discover vulnerabilities in the website. By blocking sensitive files and sensitive files and corresponding extensions, the attack surface is limited and the attack surface and strengthen the overall security of the site. To properly sensitive files and extensions properly, it is necessary to properly configure the proper set up the access rules on the web server, or contract a Managed WordPress service such as the one offered by NeoCompute.