There is no license information available for the latest version (1.0.6) of this package.

Basic security helper for WordPress.

1.0.6 2017-11-27 07:08 UTC

This package is auto-updated.

Last update: 2024-06-28 02:06:18 UTC


Basic WordPress Security

Software License Build Status Quality Score

Basic security helper for WordPress.


  • PHP Files Editation Disabled.
  • Directory Listing Disabled.
  • PHP Files Forbidden for uploads and wp-includes.
  • Disallow file editor for (plugins & themes).
  • Remove WordPress version from assets url.
  • Disable REST API methods to anonymous users.
  • Disable XmlRpc service.
  • Disallow upload plugin/theme zip file manually via dashboard.
  • Prevent deactivate security without FTP or file manager access.

Getting Started

via composer

  1. from wp-content/plugins folder run composer create-project yemenifree/wp-security
  2. Activate the plugin through the 'Plugins' menu in WordPress
  3. All done.


  1. Download last version
  2. unzip & rename folder to wp-security
  3. Upload the folder wp-security to the /wp-content/plugins/ directory
  4. Activate the plugin through the 'Plugins' menu in WordPress
  5. All done.


  1. Remove lock file /wp-content/plugins/wp-security/.wp-security-lock via FTP or file manager (CPanel).
  2. Deactivate plugin through the "Plugins page" in WordPress.
  3. Uninstall plugin.

Why lock file

The goal of this plugin prevents use some built-in functions to a hacking website by users they have access to the dashboard, so to confirmed deactivate this plugin you need access to FTP or CPanel to remove the lock file.


  • Secure/Scan all upload files.
  • Disable upload plugin manually (zip plugin) form admin panel.

Change log

Please see CHANGELOG for more information on what has changed recently.


Please see CONTRIBUTING for details.


If you discover any security related issues, please email instead of using the issue tracker.



The MIT License (MIT). Please see License File for more information.