General
General hardening settings are accessible for the Community (paid), Developer and Business plan users.
The general hardening settings are extra firewall rules to protect your website. These rules can be tweaked according to your needs.
To manage your site’s hardening settings, navigate to Sites > yourdomain.com > Hardening in Patchstack App.
On this page you can manage the following hardening settings:
- Disable the theme editor - this feature could protect you from potential automated attacks that involve the theme editor
- Remove readme.html from the WordPress root folder - this will attempt to stop basic readme.html scans by bots or visitors
- Block readme.txt access
- Disable user enumeration - this feature blocks hackers from getting your WordPress usernames
- Hide WordPress version - this feature removes the WordPress version in the <meta> tag in the HTML output
- Block WordPress application password feature - this feature disables the application passwords feature introduced in WordPress 5.6
- Restrict XML-RPC Access - this feature restricts access to xmlrpc.php by only allowing authenticated users to access it
- Restrict WP REST API Access - this feature restricts access to the WP Rest API by only allowing authenticated users to access it