WordPress Security (Part 06)

Sajid Javed
Mar 25, 2022

Disable REST API: A REST API lets two websites talk to each other. You can think of it as a medium of communication.

WordPress has this feature, and you should disable it if you don’t need it. The WordPress REST API can expose information that you don’t want to disclose and that an attacker may look for.

I suggest you disable it by reading this article.

Disable XML-RPC: WordPress supports XML-RPC, which is a medium of communication like the REST API. I will not go into the details of XML-RPC and the JSON REST API because that topic is outside the scope of this course.

The main purpose of XML-RPC is to support Weblog Client software.

Weblog Client is software you run on your local machine (desktop) that lets you post to your WordPress blog.

If you don’t use this dying feature of WordPress, keep it disabled, because it is a favourite target for malicious actors. Read this article to disable this feature.

Configure Email SMTP: WordPress sends you email notifications in many situations, such as when the admin email or password is changed or a comment is published.

Here is a full list of WordPress email notifications.

If an intruder performs unwanted actions, you will be notified and can take immediate action. That’s why configuring email SMTP is important for your security.

Read this article for configuring SMTP without a plugin.
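
The three settings above (REST API, XML-RPC and SMTP) can be applied together without a plugin. The following is an added example, not code from this post or from the linked articles: it limits the REST API to logged-in users instead of removing it entirely, and the file name and the SMTP_* constants (defined in wp-config.php) are assumptions.

```php
<?php
/**
 * Added example. Hypothetical file: wp-content/mu-plugins/hardening-example.php
 * Files in mu-plugins load on every request and cannot be deactivated from the dashboard.
 */

// REST API: reject requests from visitors who are not logged in.
add_filter( 'rest_authentication_errors', function ( $result ) {
    // Keep any decision an earlier authentication handler already made.
    if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_not_logged_in',
            'REST API access requires authentication.',
            array( 'status' => 401 )
        );
    }
    return $result;
} );

// XML-RPC: switch off the methods that require authentication.
add_filter( 'xmlrpc_enabled', '__return_false' );

// The filter above does not cover pingbacks, so remove that method as well.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
} );

// SMTP: send wp_mail() notifications through an authenticated relay.
// SMTP_HOST, SMTP_PORT, SMTP_USER and SMTP_PASS are hypothetical constants
// that must all be defined in wp-config.php, outside version control.
add_action( 'phpmailer_init', function ( $phpmailer ) {
    if ( ! defined( 'SMTP_HOST' ) ) {
        return; // No relay configured: keep the default mailer.
    }
    $phpmailer->isSMTP();
    $phpmailer->Host       = SMTP_HOST;
    $phpmailer->Port       = SMTP_PORT;   // Typically 587 with STARTTLS.
    $phpmailer->SMTPAuth   = true;
    $phpmailer->Username   = SMTP_USER;
    $phpmailer->Password   = SMTP_PASS;
    $phpmailer->SMTPSecure = 'tls';       // Encrypt the session with STARTTLS.
} );
```

With this in place, an anonymous request to a REST route returns HTTP 401. The xmlrpc.php file itself still answers requests, so blocking it at the web server is the stricter option.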
