Basic WordPress Security
Basic security helper for WordPress.
Features
- PHP file editing disabled.
- Directory listing disabled.
- PHP files forbidden in `uploads` and `wp-includes`.
- Disallow the file editor for plugins and themes.
- Remove the WordPress version from asset URLs.
- Disable REST API methods for anonymous users.
- Disable the XML-RPC service.
- Disallow manually uploading a plugin/theme zip file via the dashboard.
- Prevent deactivating the security plugin without FTP or file manager access.
Getting Started
Via Composer
- From the `wp-content/plugins` folder, run `composer create-project yemenifree/wp-security`
- Activate the plugin through the 'Plugins' menu in WordPress
- All done.
Manually
- Download the latest version.
- Unzip it and rename the folder to `wp-security`.
- Upload the `wp-security` folder to the `/wp-content/plugins/` directory.
- Activate the plugin through the 'Plugins' menu in WordPress
- All done.
Uninstall
- Remove the lock file `/wp-content/plugins/wp-security/.wp-security-lock` via FTP or a file manager (cPanel).
- Deactivate the plugin through the "Plugins" page in WordPress.
- Uninstall the plugin.
Why lock file
The goal of this plugin is to prevent users who have access to the dashboard from using some built-in functions to hack the website. To confirm deactivation of the plugin, you therefore need FTP or cPanel access to remove the lock file.
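One way a lock-file gate like this can be wired into WordPress, as an added example that is not the plugin's own code. The `demo_` names, the `DEMO_LOCK_FILE` constant and the choice of the `deactivate_plugin` hook are assumptions about how such a gate could work:

```php
<?php
/**
 * Plugin Name: Lock File Demo (illustrative only, not wp-security's code)
 */

// Assumption: the lock file sits in the plugin's own directory, matching the
// path given in the Uninstall steps.
define('DEMO_LOCK_FILE', __DIR__ . '/.wp-security-lock');

// Create the lock on activation so the gate is armed immediately.
register_activation_hook(__FILE__, function (): void {
    if (!file_exists(DEMO_LOCK_FILE)) {
        file_put_contents(DEMO_LOCK_FILE, 'locked ' . gmdate('c'));
    }
});

function demo_is_locked(): bool
{
    return file_exists(DEMO_LOCK_FILE);
}

// Hide the "Deactivate" link on the Plugins page while the lock exists.
add_filter(
    'plugin_action_links_' . plugin_basename(__FILE__),
    function (array $links): array {
        if (demo_is_locked()) {
            unset($links['deactivate']);
        }
        return $links;
    }
);

// Hiding the link is only cosmetic: a bulk action or a hand-built request
// still reaches deactivate_plugins(). The 'deactivate_plugin' action fires
// before WordPress saves the active-plugins list, so aborting here keeps
// the plugin active until the file is removed outside the dashboard.
add_action('deactivate_plugin', function (string $plugin): void {
    if ($plugin === plugin_basename(__FILE__) && demo_is_locked()) {
        wp_die(
            esc_html__('Remove the lock file via FTP or a file manager first.'),
            '',
            ['response' => 403]
        );
    }
});
```

The gate only holds while dashboard users cannot write to the plugin directory, which is why it is paired with the disabled file editor and disabled zip upload listed under Features.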
TODO
- Secure/Scan all upload files.
- ~~Disable manual plugin upload (zip plugin) from the admin panel.~~
Change log
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security-related issues, please email yemenifree@yandex.com instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see License File for more information.