WordPress.org

Brezhoneg

Get WordPress
WordPress.org

Plugin Directory

Secure Setup

Secure Setup

By Deep Rahman
Download

Description

Securing Setup helps protect your WordPress installation by:
1. Allowing users to set recommended file permissions for directories and subdirectories.
2. Automatically modifying the .htaccess file to:
– Protect the debug.log file from being accessed via the web.
– Restrict execution of specific file types (e.g., .png, .jpg), ensuring only selected file types are processed by the web server.
3. Disabling sensitive WordPress endpoints such as:
system.multicall from XML-RPC.
– The users endpoint in the REST API.

The plugin is user-friendly and includes an easy-to-access settings page.

You can view or contribute to the plugin’s source code on GitHub:
[GitHub Repository]https://github.com/deeprahman/sswp)

Features

  • Set directory and subdirectory permissions for enhanced security.
  • Automate .htaccess file modifications.
  • Disable potentially vulnerable endpoints.
  • Tested with the latest version of WordPress.

Notes

After activation, the plugin adds a submenu named File Permission under the Tools menu, where you can configure settings.

Installation

  1. Upload the securing-setup folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Navigate to Tools > File Permission to configure settings.

FAQ

What are recommended file permissions?

The plugin will recommend secure file permissions (e.g., 755 for directories and 644 for files) to reduce risks from unauthorized access.

Can I undo `.htaccess` modifications?

Yes, the plugin provides options to revert changes made to the .htaccess file.

Will this plugin break my media uploads or other file handling?

No, you can configure which file types are allowed for execution by the web server, ensuring normal functionality.

What endpoints are disabled by this plugin?

The plugin disables:
– The system.multicall function in XML-RPC to prevent potential attacks.
– The users endpoint in the REST API to hide user enumeration.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Secure Setup” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Secure Setup” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.2

  • Readme updated

1.0.1

  • Added OS warning.
  • Implemented REST API rate limiting.

1.0.0

  • Initial release.
  • File permissions management for directories and files.
  • .htaccess customization for secure file handling.
  • Disabled system.multicall and users REST endpoint for added protection.

Meta

Ratings

No reviews have been submitted yet.

Add my review

See all reviews

Support

Got something to say? Need help?

View support forum