Hardening > Hardening

Manage your hardening features

Accessible for the Developer and Business plan users only.

Hardening Features

From the Hardening page you can manage the settings such as:

  1. Auto Update Software - Select what needs to be automatically updated each time WordPress looks for updates in the background. Keep in mind that if a plugin update contains a bug or a fatal error, it could break your application. In case you want to activate Auto Updating, check the corresponding checkboxes and click Save Settings at the bottom of this section
  2. Disable the theme editor - This could protect you from potential automated attacks that involve the theme editor
  3. Remove readme.html - This will attempt to stop basic readme.txt scans
  4. Disable user enumeration - Block hackers from getting your usernames
  5. Hide WordPress version - removes the WordPress version in the tag in the HTML output
  6. Enable activity log - every user action will be recorded and put to activity logs
  7. Log failed logins - If this is checked along with the activity logs, we will also log failed login attempts
  8. Block Application Passwords - Disables the application passwords feature introduces in WordPress 5.6
  9. Restrict XML-RPC Access - restricts access to xmlrpc.php by only allowing authenticated users to access it
  10. Restrict WP REST API Access - Restricts access to the WP Rest API by only allowing authenticated users to access it

Lastly, we have Registration Email Blacklist input, from which you can block users with certain emails or email domains. You need to separate emails with commas.

For example if we want to block:

In that case we type in "[email protected], @example.com"

Remember to click Save Changes after making any changes.


reCaptcha is a powerful tool for protecting your application against different spambots.
With Patchstack, you can integrate reCaptcha easily into your WordPress applications':

  • Commenting forms
  • Login form
  • Registration form
  • Password reset form

You can choose whether to use reCaptcha v2 or reCaptcha v3.
Find information about different reCaptcha versions here!

To activate Google reCaptcha on your site, you will have to generate a reCaptcha Public Key and reCaptcha Secret Key. Here is a tutorial how to generate those: https://docs.patchstack.com/docs/how-to-get-the-site-and-secret-key-for-the-recaptcha-feature

After all the changes, click on Save Settings.