Use the following code on your .htaccess file to prevent hackers from using the PHP GLOBALS and _REQUEST variables to inject any malicious scripts into your website to gain access to your WordPress admin area.
# BEGIN Protect Against Script Injections Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} ((left pointy bracket)|%3C).*script.*((right pointy bracket)|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L] # END Protect Against Script Injections