Hardening Reference
Detailed guidance on every security control available in SteelWP.
File & Execution Protection
File & Execution Protection
Uploads PHP Execution Protection
What This Does This protection prevents PHP files from executing within the WordPress uploads dir...
Block Direct PHP Access
What This Does This protection prevents direct access to PHP files that are not intended to be ac...
Prevent Execution in Sensitive Directories
What This Does This protection prevents PHP execution within directories that should only store d...
Directory & File Exposure
Directory & File Exposure
Disable Directory Listing
What This Does This protection disables directory listing on your web server. It prevents visitor...
Protect Backup Files
What This Does This protection prevents backup and archive files from being accessed directly via...
Protect Configuration Files
What This Does This protection restricts access to sensitive configuration files within your site...
WordPress Configuration Hardening
WordPress Configuration Hardening
Disable Debug Mode
What This Does This protection ensures that WordPress debug mode is disabled in production enviro...
Disable File Editing in Admin
What This Does This protection disables the built-in WordPress file editor within the admin dashb...
Restrict XML-RPC
What This Does This protection restricts or disables access to the WordPress XML-RPC interface. I...
HTTP & Browser Security
HTTP & Browser Security
Security Headers Overview
What This Covers This page provides an overview of HTTP security headers and how they help protec...
Content Security Policy (CSP)
What This Does Content Security Policy (CSP) defines which sources of content are allowed to load...
X-Frame-Options
What This Does This protection controls whether your site can be embedded inside an iframe on ano...
X-Content-Type-Options
What This Does This protection prevents browsers from trying to guess (or “sniff”) the content ty...
Referrer-Policy
What This Does This protection controls how much referral information is shared when users naviga...
Access & Surface Reduction
Access & Surface Reduction
Hide Version Information
What This Does This protection hides version information for WordPress and related components fro...
Restrict Sensitive Endpoints
What This Does This protection restricts access to sensitive WordPress endpoints that are commonl...
Limit Exposure of System Info
What This Does This protection reduces the amount of system and environment information exposed b...
Server-Aware Hardening
Server-Aware Hardening
Apache (.htaccess) Hardening
What This Covers This page explains how SteelWP applies hardening using Apache .htaccess configur...
Nginx Hardening
What This Covers This page explains how SteelWP supports hardening in Nginx-based environments. I...
IIS (web.config) Hardening
What This Covers This page explains how SteelWP applies hardening using IIS web.config configurat...
Defense in Depth with SteelWP
What This Means Security is not achieved through a single setting or control. Effective protectio...