WT Hardening

Lightweight, modular WordPress security hardening — XML-RPC blocker, login limiter, security headers, event log, and more. Free and open-source.

Version 1.0.1 | WordPress 6.0+ | PHP 8.0+ | GPL-2.0+

What it does

WT Hardening enables the most important WordPress hardening practices through hooks — without modifying your theme, wp-config.php, or .htaccess. Every module is independent and can be toggled in the admin panel. No external APIs, no telemetry, no PRO version.

Modules included

  • XML-RPC blocker — stops brute-force on the most attacked WP endpoint
  • User enumeration — blocks /wp/v2/users for guests
  • Author archive — redirects ?author=1 to homepage
  • Hide WP version — strips generator meta and asset versions
  • X-Pingback — removes the header from responses
  • Generic login errors — does not reveal whether a login exists
  • Login limiter — IP lockout after N failed attempts
  • File editor disable — sets DISALLOW_FILE_EDIT
  • Strong password policy — length and complexity for all forms
  • Security HTTP headers — X-Frame, nosniff, Referrer, Permissions, HSTS
  • Event log — logins, users, plugins, theme, settings (configurable retention)
  • Clean uninstall — drops all tables and options
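
To check from the outside that the header, X-Pingback and version-hiding modules listed above are in effect, a captured front-page response can be audited as in the following added example. It is not part of the plugin: the function name audit_response is hypothetical, the full header names are assumed from the page's shorthand, and both sample responses are constructed.

```python
import re

# Header names assumed from the page's shorthand (X-Frame, nosniff, Referrer, ...).
REQUIRED = {
    "x-frame-options": None,
    "x-content-type-options": "nosniff",
    "referrer-policy": None,
    "permissions-policy": None,
    "strict-transport-security": None,
}
GENERATOR_META = re.compile(r"<meta[^>]+name=[\"']generator[\"']", re.I)
ASSET_VERSION = re.compile(r"(?:src|href)=[\"'][^\"']*[?&]ver=[\w.]+", re.I)


def audit_response(headers, body):
    """Return a list of findings for one captured front-page response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []
    for name, expected in REQUIRED.items():
        if name not in h:
            findings.append(f"missing header: {name}")
        elif expected and h[name].lower() != expected:
            findings.append(f"unexpected value for {name}: {h[name]}")
    if "x-pingback" in h:
        findings.append("X-Pingback header present")
    if GENERATOR_META.search(body):
        findings.append("generator meta tag present")
    if ASSET_VERSION.search(body):
        findings.append("asset URL carries ?ver= query")
    return findings


# Constructed sample responses (not captured from a real site).
DEFAULT_SITE = (
    {"Content-Type": "text/html", "X-Pingback": "https://example.test/xmlrpc.php"},
    '<meta name="generator" content="WordPress 6.0" />'
    '<script src="/wp-includes/js/a.js?ver=6.0"></script>',
)
HARDENED_SITE = (
    {"X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
     "Referrer-Policy": "strict-origin-when-cross-origin",
     "Permissions-Policy": "geolocation=()",
     "Strict-Transport-Security": "max-age=31536000"},
    '<script src="/wp-includes/js/a.js"></script>',
)

if __name__ == "__main__":
    for label, (hdrs, html) in (("default", DEFAULT_SITE), ("hardened", HARDENED_SITE)):
        print(label, audit_response(hdrs, html))
```

An empty list means every check passed for that response; run it against your own site's headers and HTML after toggling each module.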

Installation

Search for "WT Hardening" in Plugins → Add new in your WordPress admin, or upload the ZIP manually. Activate, open the WT Hardening menu, and configure modules — they all start with safe defaults.

Support

For bug reports and questions use the official support forum on WordPress.org or write to [email protected].