Each WordPress installation in the root directory of the application has a file wp-config.php to which you need to add these two lines of code to the very bottom of the file:
// SECURE WP
define( 'FORCE_SSL_ADMIN', true );
define( 'DISALLOW_FILE_MODS', true );
FORCE_SSL_ADMIN provides an administrative interface by disabling it without using the SSL protocol, thus protecting data from accidental detection.
DISALLOW_FILE_MODS secures the system by disabling any system updates, including upgrades. By enabling this option, you significantly increase the security of the application, both from errors of administration users and from problems arising from add-ons or the WordPress system itself.