Description
Securing Setup helps protect your WordPress installation by:
1. Allowing users to set recommended file permissions for directories and subdirectories.
2. Automatically modifying the `.htaccess` file to:
— Protect the `debug.log` file from being accessed via the web.
— Restrict execution of specific file types (e.g., `.png`, `.jpg`), ensuring only selected file types are processed by the web server.
3. Disabling sensitive WordPress endpoints such as:
— `system.multicall` from XML-RPC.
— The `users` endpoint in the REST API.
The plugin is user-friendly and includes an easy-to-access settings page.
You can view or contribute to the plugin’s source code on GitHub:
[GitHub Repository](https://github.com/deeprahman/sswp)
Features
- Set directory and subdirectory permissions for enhanced security.
- Automate `.htaccess` file modifications.
- Disable potentially vulnerable endpoints.
- Tested with the latest version of WordPress.
Notes
After activation, the plugin adds a submenu named File Permission under the Tools menu, where you can configure settings.
Installation
- Upload the `securing-setup` folder to the `/wp-content/plugins/` directory.
- Activate the plugin through the ‘Plugins’ menu in WordPress.
- Navigate to Tools > File Permission to configure settings.
Frequently Asked Questions

What are recommended file permissions?
The plugin will recommend secure file permissions (e.g., `755` for directories and `644` for files) to reduce risks from unauthorized access.

Can I undo `.htaccess` modifications?
Yes, the plugin provides options to revert changes made to the `.htaccess` file.

Will this plugin break my media uploads or other file handling?
No, you can configure which file types are allowed for execution by the web server, ensuring normal functionality.

What endpoints are disabled by this plugin?
The plugin disables:
— The `system.multicall` function in XML-RPC to prevent potential attacks.
— The `users` endpoint in the REST API to prevent user enumeration.
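
An added example, not part of the plugin's code: a read-only audit that compares a directory tree against the `755`/`644` recommendation from the FAQ above and flags world-writable entries. The sample tree and its paths are constructed for the demonstration.

```python
import os
import stat
import tempfile

DIR_MODE = 0o755   # recommendation for directories, from the FAQ
FILE_MODE = 0o644  # recommendation for files, from the FAQ

def audit_permissions(root):
    """Return sorted (relative_path, actual, expected, world_writable) tuples
    for every entry under root whose mode differs from the recommendation."""
    entries = [(root, DIR_MODE)]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [(os.path.join(dirpath, d), DIR_MODE) for d in dirnames]
        entries += [(os.path.join(dirpath, f), FILE_MODE) for f in filenames]
    findings = []
    for path, expected in entries:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # symlink mode bits are ignored on Linux; skip them
        actual = stat.S_IMODE(st.st_mode)
        if actual != expected:
            findings.append((os.path.relpath(path, root), actual, expected,
                             bool(actual & stat.S_IWOTH)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout (hypothetical paths) with two loose modes."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    modes = {
        ".": 0o755,
        "wp-config.php": 0o644,
        "wp-content": 0o755,
        "wp-content/debug.log": 0o666,   # world-writable file
        "wp-content/uploads": 0o777,     # world-writable directory
    }
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            open(path, "w").close()
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, actual, expected, ww in audit_permissions(tmp):
            flag = " WORLD-WRITABLE" if ww else ""
            print(f"{rel}: {actual:03o} (recommended {expected:03o}){flag}")
```

The audit only reads modes and changes nothing, so it can be run before and after applying the plugin's settings to compare results.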
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Secure Setup” is open source software. The following people have contributed to this plugin:
Changelog
1.0.2
- Readme updated
1.0.1
- Added OS warning.
- Implemented REST API rate limiting.
1.0.0
- Initial release.
- File permissions management for directories and files.
- `.htaccess` customization for secure file handling.
- Disabled `system.multicall` and `users` REST endpoint for added protection.