Security & Performance focus
Only use if you know what you need. WordPress plugin with some hardcoded, opinionated defaults for enhanced security and reduced feature set. Generic and theme-independent implementation with a modern code style.
Intended for developers – Not end users
Due to use of many 3rd party sources, this plugin is not official. Take what you need or use the setup as boilerplate for your own plugins.
Some features are breaking changes and limit functionality of plugins. Unneeded features can be disabled in code.
- Disable XMLRPC API (breaks mobile app use!)
- Disallow login via email address (use username instead)
- Disable oEmbed
- Remove login error message
- Remove meta tags and version numbers
- Remove links + HTML from posted comments (anti-spam)
- Disable Emoji font and styles (can still be used via Unicode)
- Remove unused links from `<head>` (e.g. feeds)
- Move all loaded scripts to document end (remove from head)
- Disable redundant self ping (reduce server load)
- Delay post publication via RSS (ideal for last-minute QA and fixes)
- Set image quality to 100% (use plugins for compression)
- Clean and modern OOP style
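The login and XML-RPC items in this list map onto standard WordPress core hooks. The following is an added example, not this plugin's own code; the generic error text is a constructed value, and the file is assumed to load as a regular plugin or mu-plugin.

```php
<?php
// Added example: hardening hooks for four items from the feature list.
// Not taken from the plugin's class.php.

// Disable XML-RPC API.
// 'xmlrpc_enabled' only switches off methods that require authentication,
// so the pingback methods are removed from the method table as well.
add_filter('xmlrpc_enabled', '__return_false');
add_filter('xmlrpc_methods', function (array $methods): array {
    unset(
        $methods['pingback.ping'],
        $methods['pingback.extensions.getPingbacks']
    );
    return $methods;
});

// Disallow login via email address.
// Core registers the email handler on 'authenticate' at priority 20;
// the priority passed to remove_filter() must match.
remove_filter('authenticate', 'wp_authenticate_email_password', 20);

// Remove login error message.
// Core's default messages differ for "unknown user" and "wrong password";
// one fixed text removes that difference.
add_filter('login_errors', function (): string {
    return 'Login failed.'; // constructed wording
});

// Remove meta tags and version numbers.
remove_action('wp_head', 'wp_generator');              // <meta name="generator">
add_filter('the_generator', '__return_empty_string');  // feeds and other outputs

// Strip the ?ver= query argument from enqueued assets.
// Side effect: browsers lose the cache-busting parameter on updates.
$strip_ver = function ($src) {
    return $src ? remove_query_arg('ver', $src) : $src;
};
add_filter('style_loader_src', $strip_ver, 9999);
add_filter('script_loader_src', $strip_ver, 9999);
```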
Copy the folder content into your WordPress installation.
All features are loaded as modules and can be edited here:
/wp-content/plugins/codeconut-global/app/class.php
Use of submodules is recommended:
git submodule add USER:REPOSITORY wp-content/plugins/codeconut-global
Call this from the web root. The path must not be preceded by a slash.
This plugin combines a few great public resources into one package.
Andreas Hecht
Cloudflare
- https://blog.cloudflare.com/wordpress-pingback-attacks-and-our-waf
- https://blog.cloudflare.com/a-look-at-the-new-wordpress-brute-force-amplification-attack
WpBeginner