Secure Setup
by Deep Rahman on WordPress.org
Enhance WordPress security by setting recommended file permissions, securing .htaccess, and disabling sensitive endpoints.
Securing Setup helps protect your WordPress installation by:
1. Allowing users to set recommended file permissions for directories and subdirectories.
2. Automatically modifying the .htaccess file to:
– Protect the debug.log file from being accessed via the web.
– Restrict execution of specific file types (e.g., .png, .jpg), ensuring only selected file types are processed by the web server.
3. Disabling sensitive WordPress endpoints such as:
– system.multicall from XML-RPC.
– The users endpoint in the REST API.
The plugin is user-friendly and includes an easy-to-access settings page.
You can view or contribute to the plugin’s source code on GitHub:
[GitHub Repository]https://github.com/deeprahman/sswp)
Features
- Set directory and subdirectory permissions for enhanced security.
- Automate
.htaccessfile modifications. - Disable potentially vulnerable endpoints.
- Tested with the latest version of WordPress.
Notes
After activation, the plugin adds a submenu named File Permission under the Tools menu, where you can configure settings.
