Releases: eilandert/wordpress-hardening-plugin
1.0.0.3rc3
Showstoppers for release 1.0.0:
- Better formatting?
- Review rules by someone else.
- More production testing and input from users.
Prerelease 1.0.0rc3
- Modified regression tests
- No more false positives due to simplified rules
- More OWASP formatting/compliance
Prerelease 1.0.0rc2
- Fixed some rules
- Squashed some rules
- Added workflows and integrations.
- All PL1 rules are now subject to the regression tests
Prerelease 1.0.0rc1
- Block xmlrpc.php access (configurable, default: block) (PL1)
- Block user enumeration (configurable, default: block) (PL1)
- Block user "admin" logins (configurable, default: block) (PL1)
- Block the wp-json REST API (configurable, default: non-block) (PL1)
- Block wp-cron.php (configurable, default: non-block) (PL1)
- Block direct PHP access in /wp-content/* and /wp-includes/* (PL1)
- Block direct file access to some files in / and other files/directories (PL1)
- Block other interpreters like .pl/.lua/.py/.sh (PL2)
- Block nasty files in uploads/* (PL1)
- Block access to sensitive files like .db/.orig/.sql/.log/.git (PL1)
- Block access to "/wp-json" (exact match, the API still works) (PL1)