DozWPSecure
A basic security plugin for WordPress 4.x, 5.0 or higher. You can selectively disable unused features in WordPress core, and this plugin will help you to remove unnecessary information to be disclosed to attackers. You can find more details in the User Manual.
Basic WP Security Hardening
- Remove WP Version Details
- Disable XMLRPC
- Disable Pingback
- Disable Windows Live Writer
- Disable RSS Feeds
- Disable JSON & REST API
- Enable Security Headers (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options)
- Remove PHP Version Header
Optional Settings
- Remove HTML Comment Tags
- Trim HTML Response
Custom Login URL
- Customize Login URL
- Customize Login Logo URL
- Enforce HTTPS Login
Download:
Installation Guide & User Manual:
GitHub: