{ "slug": "lockdown", "properties": { "slug": "lockdown", "name": "WP Lockdown", "sidebar_name": "Lockdown", "show_module_menu_item": false, "show_module_options": true, "storage_key": "lockdown", "tagline": "Harden the more loosely controlled settings of your site", "show_central": true, "access_restricted": true, "premium": false, "run_if_whitelisted": false, "run_if_verified_bot": false, "run_if_wpcli": false, "order": 90 }, "sections": [ { "primary": true, "slug": "section_apixml", "title": "WordPress System Lockdown", "title_short": "System", "beacon_id": 413, "summary": [ "Purpose - Lockdown certain core WordPress system features.", "Recommendation - This depends on your usage and needs for certain WordPress functions and features." ] }, { "slug": "section_permission_access_options", "title": "Permissions and Access Options", "title_short": "Permissions", "beacon_id": 415, "summary": [ "Purpose - Provides finer control of certain WordPress permissions.", "Recommendation - Only enable SSL if you have a valid certificate installed." ] }, { "slug": "section_wordpress_obscurity_options", "title": "WordPress Obscurity Options", "title_short": "Obscurity", "beacon_id": 418, "summary": [ "Purpose - Obscures certain WordPress settings from public view.", "Recommendation - Obscurity is not true security and so these settings are down to your personal tastes." ] }, { "slug": "section_enable_plugin_feature_wordpress_lockdown", "title": "Enable Module: Lockdown", "title_short": "Disable Module", "beacon_id": 272, "summary": [ "Purpose - Lockdown helps secure-up certain loosely-controlled WordPress settings on your site.", "Recommendation - Keep the Lockdown feature turned on." ] }, { "slug": "section_non_ui", "hidden": true } ], "options": [ { "key": "enable_lockdown", "section": "section_enable_plugin_feature_wordpress_lockdown", "advanced": true, "default": "Y", "type": "checkbox", "link_info": "https://shsec.io/4r", "link_blog": "", "beacon_id": 272, "name": "Enable Lockdown", "summary": "Enable (or Disable) The Lockdown module", "description": "Un-Checking this option will completely disable the Lockdown module" }, { "key": "disable_xmlrpc", "section": "section_apixml", "default": "N", "type": "checkbox", "link_info": "https://shsec.io/e6", "link_blog": "https://shsec.io/fb", "beacon_id": 414, "name": "Disable XML-RPC", "summary": "Disable The XML-RPC System", "description": "Checking this option will completely turn off the whole XML-RPC system." }, { "key": "disable_anonymous_restapi", "section": "section_apixml", "advanced": true, "default": "N", "type": "checkbox", "link_info": "", "link_blog": "", "name": "Anonymous Rest API", "summary": "Disable The Anonymous Rest API", "description": "Checking this option will completely turn off the whole Anonymous Rest API system." }, { "key": "api_namespace_exclusions", "section": "section_non_ui", "default": [ "contact-form-7", "jetpack", "woocommerce" ], "type": "array", "link_info": "", "link_blog": "", "name": "Rest API Exclusions", "summary": "Anonymous REST API Exclusions", "description": "Any namespaces provided here will be excluded from the Anonymous API restriction." }, { "key": "disable_file_editing", "section": "section_permission_access_options", "default": "N", "type": "checkbox", "link_info": "https://shsec.io/4q", "link_blog": "https://shsec.io/hk", "beacon_id": 416, "name": "Disable File Editing", "summary": "Disable Ability To Edit Files From Within WordPress", "description": "Removes the option to directly edit any files from within the WordPress admin area. Equivalent to setting 'DISALLOW_FILE_EDIT' to TRUE." }, { "key": "force_ssl_admin", "section": "section_permission_access_options", "default": "N", "type": "checkbox", "link_info": "https://shsec.io/4t", "link_blog": "", "beacon_id": 417, "name": "Force SSL Admin", "summary": "Forces WordPress Admin Dashboard To Be Delivered Over SSL", "description": "Please only enable this option if you have a valid SSL certificate installed. Equivalent to setting 'FORCE_SSL_ADMIN' to TRUE." }, { "key": "block_author_discovery", "section": "section_wordpress_obscurity_options", "default": "Y", "type": "checkbox", "link_info": "https://shsec.io/wpsf23", "link_blog": "", "name": "Block Username Fishing", "summary": "Block the ability to discover WordPress usernames based on author IDs", "description": "When enabled, any URL requests containing 'author=' will be killed. Warning: Enabling this option may interfere with expected operations of your site." }, { "key": "clean_wp_rubbish", "section": "section_wordpress_obscurity_options", "default": "N", "type": "checkbox", "link_info": "", "link_blog": "", "name": "Clean WP Files", "summary": "Automatically Delete Unnecessary WP Files", "description": "Automatically delete WordPress files like wp-config-sample.php." }, { "key": "hide_wordpress_generator_tag", "section": "section_wordpress_obscurity_options", "default": "N", "type": "checkbox", "link_info": "", "link_blog": "", "name": "WP Generator Tag", "summary": "Remove WP Generator Meta Tag", "description": "Remove a meta tag from your WordPress pages that publicly displays that your site is WordPress and its current version." } ], "definitions": { "default_restapi_exclusions": [ "contact-form-7", "jetpack", "tho", "wpstatistics", "woocommerce" ], "events": { "block_anonymous_restapi": { "audit_params": [ "namespace" ], "level": "warning", "recent": true }, "block_xml": { "level": "notice", "recent": true, "offense": true } } } }