🚀 SecureCheap is live — Start free →
Security
WordPress Hardening

WordPress Hardening

One click. Production-grade security.

The 10 security checks

Each connected WordPress site is continuously evaluated against these checks:

#CheckSeverityWhat it does
1XML-RPC DisabledHighBlocks the xmlrpc.php brute-force attack surface
2Debug Mode OffHighHides PHP errors that leak paths and config
3Directory Browsing BlockedMediumPrevents auto-indexing of folders
4PHP Blocked in UploadsCriticalStops webshell uploads via /wp-content/uploads/
5File Editor DisabledHighRemoves the plugin/theme code editor in wp-admin
6WP Version HiddenLowStrips the WP version from page sources
7Force HTTPSHighRedirects HTTP → HTTPS, sets secure cookies
8Security HeadersMediumHSTS, X-Frame-Options, CSP, Referrer-Policy
9No Fatal ErrorsHighAggregated from WP error log
10No Vulnerable PluginsCriticalCross-references installed plugins against WPVulnDB

How to use it

  1. Install the SecureCheap plugin on your WordPress site (one-line installer)
  2. Connect it with your activation code from the dashboard
  3. Go to Infrastructure → WP Hardening
  4. Click Apply All Fixes on any site card, or fix individual checks

Every fix is queued, applied by the plugin, then verified back. The check only shows green after the plugin confirms the change took effect.

Per-site automation

Bulk operations work across all connected sites — apply a fix to your whole fleet in one action.

API

GET  /api/v1/wp/admin/hardening-center
POST /api/v1/wp/admin/:siteId/harden-all
POST /api/v1/wp/admin/:siteId/harden/xmlrpc
POST /api/v1/wp/admin/:siteId/harden/block-php-uploads