
WordPress

How do I prevent user enumeration on my WordPress site?

WordPress leaks usernames in several ways. In truth there is no way to fully prevent user enumeration, particularly if your website makes use of author pages (the /author/<username>/ archives). However, you can certainly reduce the attack surface and make user enumeration harder by following the steps below:

  • Disable the WordPress REST API if you are not using it,
  • Disable WordPress XML-RPC if you are not using it,
  • Configure your web server to block requests to /?author=<number>,
  • Don’t expose /wp-admin and /wp-login.php directly to the public Internet.
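The following .htaccess fragment is an added example, not part of the original answer, showing how the four steps above translate into Apache directives. It assumes Apache 2.4 with mod_rewrite loaded and AllowOverride permitting these directives; the 203.0.113.0/24 network is a documentation range used as a placeholder for your own allowlisted addresses. The REST step is narrowed to the users route rather than all of /wp-json/, because the block editor and many plugins depend on the rest of the API once you are logged in.

```apache
# Added example (not from the original post): Apache 2.4 .htaccess rules
# for the four user-enumeration mitigations. Assumes mod_rewrite and
# AllowOverride; 203.0.113.0/24 is a placeholder allowlist.

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Step 3: refuse /?author=N. WordPress would otherwise redirect it to
    # /author/<username>/ and reveal the login name. The query string is
    # matched directly, so this also covers /index.php?author=N.
    RewriteCond %{QUERY_STRING} (^|&)author=\d+ [NC]
    RewriteRule ^ - [F,L]

    # Step 1 (narrowed): the REST users route lists usernames to anonymous
    # clients. Block only that route, in both the pretty-permalink form and
    # the ?rest_route= form (slash may arrive as %2F, since QUERY_STRING is
    # not URL-decoded), instead of disabling all of /wp-json/.
    RewriteCond %{REQUEST_URI} ^/wp-json/wp/v2/users [NC,OR]
    RewriteCond %{QUERY_STRING} rest_route=(/|%2F)wp(/|%2F)v2(/|%2F)users [NC]
    RewriteRule ^ - [F,L]
</IfModule>

# Step 2: XML-RPC is only needed by remote-publishing clients and some
# mobile apps; if you use none of them, deny it outright.
<Files xmlrpc.php>
    Require all denied
</Files>

# Step 4: keep the login page off the public Internet by allowlisting the
# addresses that may reach it (replace the placeholder range).
<Files wp-login.php>
    Require ip 203.0.113.0/24
</Files>
```

Two practical notes: the `Require` syntax is Apache 2.4 (on 2.2 the equivalent is `Order deny,allow` / `Deny from all`), and restricting the whole /wp-admin/ directory the same way needs a separate exception for admin-ajax.php, which themes and plugins call from the public front end for unauthenticated visitors. Regex blocks like these reduce the surface; as the answer says, author archive pages still reveal names unless you disable them too.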

Cloudflare Firewall Rules for Securing WordPress

This guide is aimed at security-minded webmasters who run a WordPress site or blog on a Cloudflare-enabled domain. On the free plan, Cloudflare grants five firewall rules that are empty by default. By adding the WordPress-specific rules I describe on this page, you can secure your site and block attacks before they even reach your web host's server.

WordPress .htaccess configuration

As you know, WordPress is one of the most popular CMSs in the world, but unfortunately it is not secure enough out of the box, so we have to protect it somehow; we also need to set up some cache configuration in the .htaccess file.

The first thing you need to do is disable directory listing by adding this line to .htaccess:

Options All -Indexes


The other thing you need to do is set up caching for static objects (images, CSS files, JS files).

This is one of the best snippets we can use: