Hardening Techniques

Hardning Your WordPress Site From Within

1. Automated Software Updates

• Description: Activate automatic updates for select components to ensure your site is always running the latest, secure versions.
• Benefit: Stay updated and secure without manual intervention.

2. Disable Theme Editor

• Description: We deactivate the in-built theme editor.
• Benefit: Prevents potential automated attacks via the theme editor.

3. Remove Readme.html

• Description: This file is removed from the root directory.
• Benefit: Thwarts basic scanning attacks targeting readme.txt files.

4. Disable User Enumeration

• Description: Block potential security threats from discovering usernames.
• Benefit: Reduces the risk of brute force attacks by keeping usernames hidden.

5. Hide WordPress Version

• Description: Remove the visible WordPress version from your site’s source code.
• Benefit: Further obscure site details from potential hackers.

6. Enable Activity Log

• Description: All user actions are diligently recorded.
• Benefit: Maintain a clear record of all activities, helping in audits and troubleshooting.

7. Log Failed Login Attempts

• Description: Along with activity logs, all failed login attempts are noted.
• Benefit: Track and identify potential brute-force attacks in real-time.

8. Block Application Passwords

• Description: Disable the application password feature introduced in WordPress 5.6.
• Benefit: Provides an additional layer of security by preventing potential misuse.

9. Restrict XML-RPC Access

• Description: Limited access to the xmlrpc.php file.
• Benefit: Only authenticated users can access, preventing misuse and DDoS attacks.

10. Restrict WP REST API Access

• Description: Secure the WP REST API by allowing access only to authenticated users.
• Benefit: Protect sensitive data and prevent unauthorized data manipulation.