WP-KeepSoul 2.O Features
01
Remove WordPress version number
– Conceals the WordPress version to prevent targeted attacks on known vulnerabilities.
02
Remove version numbers from scripts and styles
– Prevents exploitation of vulnerabilities in outdated or specific library versions.
03
Restrict REST API for unauthorized users
– Limits exposure of sensitive data and unauthorized API access.
04
Disable XML-RPC
– Stops brute-force attacks, DoS, and exploitation of XML-RPC-related vulnerabilities.
05
Generate and apply CSP (Content Security Policy) nonces
– Mitigates cross-site scripting (XSS) by only allowing approved scripts to execute.
06
Add Subresource Integrity (SRI) for specific scripts
– Ensures that only untampered scripts/styles are loaded, protecting resources from being modified in transit.
07
Set Referrer-Policy header
– Protects user privacy by limiting how much referral information is shared with external sites.
08
Set Permissions-Policy header
– Restricts browser feature access, such as camera or microphone, to prevent unauthorized use.
09
Disable User Panel - WordPress Admin Dashboard
– Provides protection even if an attacker accesses the admin panel and gains admin privileges.
10
Enforce HTTPS with Strict-Transport-Security (HSTS)
– Ensures all communications are encrypted, preventing man-in-the-middle attacks.
11
Remove X-Powered-By header
– Conceals technology stack information to reduce the risk of targeted attacks.
12
Disable file editing in the WordPress admin panel
– Prevents tampering or injection of malicious code by unauthorized or compromised admin accounts.
13
Disable plugin and theme installation and updates
– Blocks unauthorized installation of potentially insecure or malicious plugins/themes.
14
Disable direct file editing
– Reduces risk of malicious code being directly injected via the WordPress dashboard.
15
Force HTTPS
– Ensures secure data transmission by encrypting all traffic.
16
Backup the original `functions.php` file during activation
– Provides a fallback to restore site functionality in case of accidental or malicious modifications.
17
Add original `functions.php` file restore option
– Simplifies recovery from errors or malicious changes to the `functions.php` file.
Note:
The full report for 2.O is not yet ready, but you can refer to the 1.O report here: WP-KeepSoul 1.O