WordPress Manager security options

Not sure about using the built-in security options that are within the Softaculous WordPress Manager.

Does anyone know if they will affect my inode and PHP limits on InfinityFree?

Should I just enable all or what do you recommend?

Thanks for any suggestions.

The vast majority are already in effect on the server.

Inode: it could increase, but I believe nothing dramatic.

PHP: in general, there is no benefit from the “protection script” that is on the server, because every HTTP request has to be processed by the server. Whether the script returns something like a 403 or nothing, it consumes CPU and RAM anyway.



Change default administrator’s username

WordPress does not allow you to change the username, and if you installed WordPress with the administrator username ‘admin’, your site can be at risk if someone tries to brute-force the login with the username admin. This security option changes the username from admin to a randomly generated username. You can use the Login button in WordPress Manager to log in with the newly created admin account.

Restrict access to files and directories

Insecure permissions for files and directories can lead to unauthorized access by hackers, which can be used to compromise your website. This security option sets the permissions for the wp-config.php file to 0600, other files to 0644, and directories to 0755.

Block unauthorized access to xmlrpc.php

This security option prevents access to the xmlrpc.php file.

Note: Custom directives in the .htaccess files might override this.

Block access to .htaccess and .htpasswd

Gaining access to .htaccess and .htpasswd files allows attackers to subject your website to a variety of exploits and security breaches. This security option ensures that .htaccess and .htpasswd files cannot be accessed over the web by abusers.

Turn off pingbacks

Pingbacks allow other WordPress websites to automatically leave comments under your posts when these websites link to these posts. Pingbacks can be abused to use your website for DDoS attacks on other sites. This security option turns off XML-RPC pingbacks for your whole website and also disables pingbacks for previously created posts with pingbacks enabled.

Disable file editing in WordPress Dashboard

Disabling file editing in WordPress removes the ability to directly edit the plugin and theme source files in the WordPress interface. This option adds an additional layer of protection for the WordPress website in case one of the WordPress admin accounts is compromised. In particular, it prevents compromised accounts from easily adding malicious executable code to plugins or themes.

Block author scans

Author scans are used to find the usernames of registered users using their user IDs (especially the WordPress admin) and eventually brute-force the login page of your website to gain access. This security option prevents such scans from exposing the usernames.

Note: Depending on the permalink configuration on your website this option might prevent visitors from accessing pages that list all articles written by a particular author.

Block directory browsing

If directory browsing is turned on, hackers can obtain various information about your website that can potentially compromise its security. Directory browsing is usually turned off by default, but if it is turned on, this security option can block it.

Forbid execution of PHP scripts in the wp-includes directory

The wp-includes directory may contain insecure PHP files that can be executed to take over and exploit your website. This security option prevents the execution of PHP files in the wp-includes directory.

Note: Custom directives in the .htaccess files might override this.

Forbid execution of PHP scripts in the wp-content/uploads directory

The wp-content/uploads directory may contain insecure PHP files that can be executed to take over and exploit your website. This security option prevents the execution of PHP files in the wp-content/uploads directory.

Note: Custom directives in the .htaccess files might override this.

Disable scripts concatenation for WordPress admin panel

This security option turns off concatenation of scripts running in the WordPress admin panel, preventing your website from being affected by certain DoS attacks. Turning off concatenation of scripts might slightly affect the performance of WordPress admin panel, but it should not affect visitors’ experience on your WordPress website.

Block access to sensitive files

This security option prevents public access to certain files that can contain sensitive information like connection credentials, or various information that can be used to determine which known exploits your WordPress website is vulnerable to.

Enable bot protection

This option protects your website from useless, malicious or otherwise harmful bots. It blocks bots that scan your website for vulnerabilities and overload your website with unwanted requests, causing resource overuse.

Note: You might want to temporarily disable this measure if you’re planning to use an online service to scan your website for vulnerabilities, since these services might also use such bots.

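Almost everything in the list above reduces to three things: file permissions, two constants in wp-config.php, and a handful of Apache directives in .htaccess files. The script below is an added example written for this thread, not the Softaculous WordPress Manager's own implementation, and applies hand-rolled equivalents of the permission fix, the file-editing and script-concatenation switches, and the xmlrpc.php, .ht*, sensitive-file, directory-listing, author-scan and no-PHP-in-uploads/wp-includes rules. It assumes Apache 2.4 syntax (`Require all denied`), mod_rewrite, and an `AllowOverride` that honours .htaccess; the exact rule sets, the `WP-HARDENING-EXAMPLE` markers and the throwaway sample tree it builds under `mktemp` are my own choices, constructed so the script can be run safely anywhere.

```shell
#!/bin/sh
# Added example (not Softaculous code): hand-rolled equivalents of several
# WordPress Manager security options. Assumes Apache 2.4, mod_rewrite and
# AllowOverride permitting .htaccess. Rule sets and marker names are my own.
set -eu

# perm_is <path> <octal mode>: true when the mode matches exactly.
# find(1) -perm is used instead of stat(1), whose flags differ between GNU and BSD.
perm_is() {
  [ -n "$(find "$1" -prune -perm "$2")" ]
}

# add_htaccess_block <file> <marker>: append the rules read from stdin between
# "# BEGIN <marker>" / "# END <marker>" lines unless the marker is already there.
# Appending keeps WordPress's own "# BEGIN WordPress" block and custom directives.
add_htaccess_block() {
  file=$1; marker=$2
  if [ -f "$file" ] && grep -q "# BEGIN $marker\$" "$file"; then
    cat >/dev/null      # drain stdin; block already present
    return 0
  fi
  { printf '# BEGIN %s\n' "$marker"; cat; printf '# END %s\n' "$marker"; } >>"$file"
}

# set_wp_config_constant <wp-config.php> <NAME> <php value>: insert
# define('NAME', value); right after the opening <?php tag, so it is in effect
# before wp-settings.php loads. An existing define() for NAME is left alone.
set_wp_config_constant() {
  cfg=$1; name=$2; value=$3
  if grep -q "define( *'$name'" "$cfg"; then
    return 0
  fi
  tmp=$(mktemp)
  awk -v line="define('$name', $value);" \
      '!done && /^<[?]php/ { print; print line; done = 1; next } { print }' "$cfg" >"$tmp"
  mv "$tmp" "$cfg"
}

# fix_permissions <site>: wp-config.php 0600, other files 0644, directories 0755.
fix_permissions() {
  site=$1
  find "$site" -type d -exec chmod 755 {} +
  find "$site" -type f -exec chmod 644 {} +
  chmod 600 "$site/wp-config.php"   # last, so the blanket 644 above does not undo it
}

# check_permissions <site>: true when every file and directory matches that policy.
check_permissions() {
  site=$1
  perm_is "$site/wp-config.php" 600 || return 1
  bad=$(find "$site" \( -type f ! -name wp-config.php ! -perm 644 \) \
                     -o \( -type d ! -perm 755 \))
  [ -z "$bad" ]
}

# harden_site <site>: apply all of the above to a WordPress document root.
harden_site() {
  site=$1
  add_htaccess_block "$site/.htaccess" WP-HARDENING-EXAMPLE <<'EOF'
# .htaccess / .htpasswd and other sensitive files must never be served
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
<FilesMatch "^(wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt|error_log)$">
    Require all denied
</FilesMatch>
# xmlrpc.php: blocking it also disables XML-RPC pingbacks
<Files "xmlrpc.php">
    Require all denied
</Files>
Options -Indexes
# author scans of the form /?author=N
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (^|&)author=[0-9]+ [NC]
    RewriteRule ^ - [F,L]
</IfModule>
EOF
  for d in wp-includes wp-content/uploads; do
    add_htaccess_block "$site/$d/.htaccess" WP-HARDENING-EXAMPLE-NOPHP <<'EOF'
<FilesMatch "\.ph(ar|p|tml)$">
    Require all denied
</FilesMatch>
EOF
  done
  set_wp_config_constant "$site/wp-config.php" DISALLOW_FILE_EDIT true
  set_wp_config_constant "$site/wp-config.php" CONCATENATE_SCRIPTS false
  fix_permissions "$site"    # last: the edits above recreate files with other modes
}

# make_sample_site: constructed throwaway tree that looks like a WordPress
# install with deliberately loose permissions. Prints its path.
make_sample_site() {
  site=$(mktemp -d)
  mkdir -p "$site/wp-includes" "$site/wp-content/uploads"
  printf '<?php\n$table_prefix = "wp_";\nrequire_once ABSPATH . "wp-settings.php";\n' >"$site/wp-config.php"
  printf '<?php\n// stray PHP file that must not be executable from the web\n' >"$site/wp-content/uploads/stray.php"
  printf '# BEGIN WordPress\n# END WordPress\n' >"$site/.htaccess"   # WordPress's own block
  chmod 666 "$site/wp-config.php"
  chmod 777 "$site/wp-content/uploads"
  printf '%s\n' "$site"
}

# `sh harden.sh --demo` exercises everything on the constructed tree.
case "${1:-}" in
  --demo)
    demo=$(make_sample_site)
    harden_site "$demo"
    check_permissions "$demo" && echo "permissions OK"
    cat "$demo/.htaccess" "$demo/wp-config.php"
    rm -rf "$demo"
    ;;
esac
```

Caveats a practitioner should check before running this against a real site: a subdirectory .htaccess overrides the parent's rules, which is exactly what the three "Custom directives in the .htaccess files might override this" notes above warn about, so grep for existing `<Files>` and `RewriteRule` blocks first; `Options -Indexes` returns a 500 if the host's `AllowOverride` does not include `Options`; on Apache 2.2 replace `Require all denied` with `Order deny,allow` / `Deny from all`; a 0600 wp-config.php only works when PHP runs as the file's owner (typical on shared hosts with per-user PHP, not with a shared `www-data` mod_php); and the `?author=N` rule stops only that enumeration path, since the REST API users endpoint can still list authors of published posts.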