WP Keep Soul 2.O – One Click Website Reputation and Protection

Download Plugin (2.O - BETA) | Download Plugin (1.O)

The plugin has been tested exclusively with the Flatsome theme. There are REST API and XML-RPC restrictions in place that may block user tracking functions. You can edit these functions in the `functions.php` file of your theme’s codebase to enable your tracking system to work properly.

Additionally, when the Admin Panel Security feature is activated, access to the admin panel will be fully restricted, allowing editing only for pages and posts.

WP-KeepSoul 2.O Features

01

Remove WordPress version number
– Conceals the WordPress version to prevent targeted attacks on known vulnerabilities.

02

Remove version numbers from scripts and styles
– Prevents exploitation of vulnerabilities in outdated or specific library versions.

03

Restrict REST API for unauthorized users
– Limits exposure of sensitive data and unauthorized API access.

04

Disable XML-RPC
– Stops brute force attacks, DoS, and exploitation of XML-RPC-related vulnerabilities.

05

Generate and apply CSP (Content Security Policy) nonces
– Mitigates cross-site scripting (XSS) by only allowing approved scripts to execute.

06

Add Subresource Integrity (SRI) for specific scripts
– Ensures that only untampered scripts/styles are loaded, securing resources from being modified in transit.

07

Set Referrer-Policy header
– Protects user privacy by limiting how much referral information is shared with external sites.

08

Set Permissions-Policy header
– Restricts browser feature access, such as camera or microphone, to prevent unauthorized use.

09

Disable User Panel – WordPress Admin Dashboard
– Provides protection even if an attacker accesses the admin panel and gains admin privileges.

10

Enforce HTTPS with Strict-Transport-Security (HSTS)
– Ensures all communications are encrypted, preventing man-in-the-middle attacks.

11

Remove X-Powered-By header
– Conceals technology stack information to reduce the risk of targeted attacks.

12

Disable file editing in the WordPress admin panel
– Prevents tampering or injection of malicious code by unauthorized or compromised admin accounts.

13

Disable plugin and theme installation and updates
– Blocks unauthorized installation of potentially insecure or malicious plugins/themes.

14

Disable direct file editing
– Reduces risk of malicious code being directly injected via the WordPress dashboard.

15

Force HTTPS
– Ensures secure data transmission by encrypting all traffic.

16

Backup the original `functions.php` file during activation
– Provides a fallback to restore site functionality in case of accidental or malicious modifications.

17

Add original `functions.php` file restore option
– Simplifies recovery from errors or malicious changes to the `functions.php` file.
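
One way to confirm from the outside that the header and markup changes in the feature list above are actually in effect, shown as an added example (not the plugin's own code). It audits a constructed response; the `audit` function and the sample headers and HTML are hypothetical.

```python
import re

# Constructed sample response for illustration; not captured from a real site.
SAMPLE_HEADERS = {
    "Content-Security-Policy": "script-src 'nonce-r4nd0mEXAMPLE' 'strict-dynamic'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=()",
    "X-Powered-By": "PHP/8.2.0",  # left in on purpose to produce a finding
}
SAMPLE_HTML = """<head>
<meta name="generator" content="WordPress 6.4.2">
<script nonce="r4nd0mEXAMPLE" src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<script nonce="r4nd0mEXAMPLE" src="https://cdn.example/lib.js" integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="/inline-tracker.js"></script>
</head>"""

def audit(headers, html):
    """Return a list of hardening gaps visible in one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in ("strict-transport-security", "referrer-policy", "permissions-policy"):
        if name not in h:
            findings.append(f"missing header: {name}")
    if "x-powered-by" in h:
        findings.append("x-powered-by header still present")
    if re.search(r'<meta[^>]+name=["\']generator["\']', html, re.I):
        findings.append("generator meta tag exposes WordPress version")
    nonces = set(re.findall(r"'nonce-([^']+)'", h.get("content-security-policy", "")))
    if not nonces:
        findings.append("CSP has no script nonce")
    for tag in re.findall(r"<script\b[^>]*>", html, re.I):
        src = re.search(r'\bsrc=["\']([^"\']+)', tag)
        src = src.group(1) if src else "(inline)"
        nonce = re.search(r'\bnonce=["\']([^"\']+)', tag)
        if nonces and (not nonce or nonce.group(1) not in nonces):
            findings.append(f"script without matching CSP nonce: {src}")
        if re.search(r"[?&]ver=", src):
            findings.append(f"version query string on script: {src}")
        # Simplification: any absolute or protocol-relative URL counts as external.
        if src.startswith(("http://", "https://", "//")) and "integrity=" not in tag:
            findings.append(f"external script without SRI: {src}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, SAMPLE_HTML):
        print(finding)
```

A script tag without a matching nonce, such as the tracker in the sample, is what a nonce-based CSP blocks in the browser, so this kind of finding also explains tracking code that stops working after activation.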

Note:

The full report for 2.O is not yet ready, but you can refer to the 1.O report here: WP-KeepSoul 1.O


CONTACT ME

Email: contact@raj-bhat.com

Phone: +447776629565 / +917259528906