We are now Really Simple Security!
Read more about our journey.
About WordPress Hardening
Basic Hardening features
Basic Hardening features are a set of rules that limit or disable WordPress functionality that is either rarely used or not essential, while it potentially helps bad actors.
- Disable 'Anyone can register'
- Disable the built-in file editors
- Prevent code execution in the uploads folder
- Hide WordPress version
- Prevent login feedback
- Disable directory browsing
- Disable user enumeration
- Block the username 'admin'
- Disable XML-RPC
- Prevent identical login and display names
Advanced Hardening features
Advanced Hardening features are more advanced and fine grained security features that help to either obfuscate or restrict potential access points for bad actors.
- Disable HTTP methods
- Rename and randomize database prefix
- Change debug.log file location
- Disable application passwords
- Restrict creation of administrator roles
- Granular XML-RPC limitation
- File Permissions check
- Custom Login URL
XML-RPC
XML-RPC is a WordPress feature that allows authentication and login to the WordPress backend, outside the regular login interface. As this functionality is typically not used, or only by eg. the WordPress app, we want to disable it for other purposes.
- Convenient learning mode automates configuration
- Only allow relevant XML-RPC methods
