Here are a five ways to secure your Apache hosting your WordPress site by editing the Apache configuration file.
sudo nano /etc/apache2/httpd.conf
Add the following to your end of your config file:
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Options all -Indexes
FileETag None
Be sure to restart Apache after:
sudo systemctl restart apache2.service
Here is a explanation of these directives:
ServerTokens Prod — This is the least amount of information you can provide
ServerSignature Off — This disabled showing OS and apache version
TraceEnable Off — Server will return a (Method not allowed) 405 error to the client.
Options all -Indexes — Turns off directory browsing
FileETag None — Hides private details about your server. Required if you need to be PCI compliant.