Each WordPress installation in the root directory of the application has a wp-config.php file to which you need to add these two lines of code to the very bottom of the file:
// SECURE WP
define( 'FORCE_SSL_ADMIN', true );
define( 'DISALLOW_FILE_MODS', true );
FORCE_SSL_ADMIN provides an administrative interface by disabling it without the use of the SSL protocol, thus protecting data from accidental detection.
DISALLOW_FILE_MODS secures the system by disabling any system updates, including upgrades. By enabling this option, you significantly increase the security of the application, both from errors of administration users and from problems arising from add-ons or the WordPress system itself.