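/*
 * This code goes in your theme's functions.php file.
 *
 * It applies a handful of WordPress hardening tweaks: disables the dashboard
 * file editor, replaces login error messages with a generic one, removes the
 * generator meta tag, sends security response headers and sets PHP session
 * cookie flags. The Apache directives at the bottom are an alternative way to
 * send the headers and do NOT belong in functions.php.
 */

// Disable the theme/plugin file editor in wp-admin, so that a compromised
// administrator session cannot be used to edit PHP files from the dashboard.
// Guarded because the constant is commonly defined in wp-config.php already;
// redefining it raises a PHP warning.
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
	define( 'DISALLOW_FILE_EDIT', true );
}

/**
 * Replace every login error with one generic message.
 *
 * The default messages say whether the username or the password was wrong,
 * which lets a visitor confirm that an account exists. Returning a fixed
 * string removes that signal from the login form only.
 *
 * NOTE(review): this also replaces non-credential messages that pass through
 * the same filter (for example ones added by plugins) - confirm that is
 * acceptable for the site.
 *
 * @return string Generic message shown on the login form.
 */
function no_wordpress_errors() {
	return 'Nothing to see here, move along!';
}
// The original listing also registered a create_function() callback on this
// filter. create_function() was deprecated in PHP 7.2 and removed in PHP 8.0
// (fatal error), and its result was overwritten by this callback anyway, so
// only the named function is registered.
add_filter( 'login_errors', 'no_wordpress_errors' );

// Remove the <meta name="generator"> tag from the HTML head. This only hides
// the version from casual inspection; keeping core, themes and plugins
// patched is the actual control.
remove_action( 'wp_head', 'wp_generator' );

// Response headers. header() warns and does nothing once output has started,
// so only send them while the headers are still open.
if ( ! headers_sent() ) {
	// Content Security Policy (CSP).
	// NOTE(review): 'unsafe-inline', 'unsafe-eval' and the bare https: scheme
	// allow inline script, eval() and script from any HTTPS origin, so this
	// policy gives very little protection against XSS. Treat it as a starting
	// point and tighten it (nonces or hashes, explicit hosts) after testing.
	header( 'Content-Security-Policy: default-src \'self\' \'unsafe-inline\' \'unsafe-eval\' https: data:' );

	// X-Frame-Options: only allow framing by the same origin (clickjacking).
	// default-src does not cover framing; the CSP equivalent is the
	// frame-ancestors directive.
	header( 'X-Frame-Options: SAMEORIGIN' );

	// HTTP Strict Transport Security (HSTS). Browsers ignore this header on
	// plain-HTTP responses. includeSubdomains and preload are hard to undo:
	// every subdomain must serve valid HTTPS before they are enabled.
	header( 'Strict-Transport-Security:max-age=31536000; includeSubdomains; preload' );
}

// HttpOnly / Secure flags for the PHP session cookie.
// These settings affect PHP's native session cookie only. WordPress core sets
// its own login cookies separately, so this matters for themes or plugins
// that call session_start(). session.cookie_secure means the session cookie
// is never sent over plain HTTP.
// Session ini settings cannot be changed once a session is active or headers
// have been sent; check for that instead of hiding the warning with @.
if ( function_exists( 'session_status' ) && PHP_SESSION_ACTIVE !== session_status() && ! headers_sent() ) {
	ini_set( 'session.cookie_httponly', '1' );
	ini_set( 'session.cookie_secure', '1' );
	ini_set( 'session.use_only_cookies', '1' );
}

/*
 * Apache alternative - these lines are server configuration (.htaccess or the
 * virtual host, mod_headers required), not PHP. Pasting them into
 * functions.php is a parse error that takes the site down.
 *
 * Set each header in one place only: sending it from both PHP and Apache
 * produces duplicate headers. Note that the HSTS value here differs from the
 * PHP one above (no preload).
 *
 * X-XSS-Protection controls a legacy browser XSS filter that current browsers
 * no longer implement; rely on the Content-Security-Policy instead.
 *
 * The trailing ";" after the last directive in the original listing has been
 * dropped: Apache directives are not terminated with a semicolon.
 *
 * Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
 * Header set X-XSS-Protection "1; mode=block"
 * Header set X-Frame-Options "sameorigin"
 * Header set X-Content-Type-Options "nosniff"
 * Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:"
 */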