Janric Simple Hardening

A lightweight plugin to disable XML-RPC, restrict the REST API, and hide the WordPress version.

In simple terms this is what happens and why:
• Disable XML-RPC - this is a horrible backdoor that most WordPress sites don't need but is an absolute nightmare. Hackers can utilise this feature to submit hundreds of user-id / password combinations in one go bypassing any security you havew on your login form! And if any of those pairs work then they are given the thumbs up to access your admin.

• Restrict REST API - a huge feature of security is hiding your userid, hence why many years ago WordPress stopped using the default "Admin" userid when you create a new site. But the REST API allows anyone to easily view a list of users, so we block that here too.

• Hide WordPress Version - view the source of your website and you'll see the WordPress version you have installed. Sounds pointless, but if you are not on the absolutely most recent version of WordPress they can quickly look up what security exploits to use to attack your website.

These are all essential and MUST be fixed or your site is susceptible. Some sources suggest 99.9% or attacks can be bloicked just by these changes.

We don't create one plugin fixes everything - we produce compact, efficient plugis that aren't full of bloat and do what's needed. Have a look at the rest of our wordpress security plugins to see how else we can help.