{"id":214443,"date":"2025-03-19T16:38:04","date_gmt":"2025-03-19T16:38:04","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/secure-setup\/"},"modified":"2025-04-17T13:17:32","modified_gmt":"2025-04-17T13:17:32","slug":"secure-setup","status":"closed","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/secure-setup\/","author":23198668,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.2","stable_tag":"1.0.2","tested":"6.8.5","requires":"5.2","requires_php":"7.2","requires_plugins":null,"header_name":"Secure Setup","header_author":"Deep","header_description":"This plugin helps secure your WordPress website by implementing various security measures.","assets_banners_color":"358b72","last_updated":"2025-04-17 13:17:32","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/deeprahman.com\/wp-secure-setup","header_author_uri":"https:\/\/deeprahman.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":651,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"deepwebdev","date":"2025-03-19 16:37:30"},"1.0.2":{"tag":"1.0.2","author":"deepwebdev","date":"2025-04-17 13:17:32"}},"upgrade_notice":{"1.0.0":"<p>Initial release. Ensure your PHP version is 7.2 or higher and WordPress is updated to the latest version.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3258676,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":3258676,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1","1.0.2"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"<strong>Settings Page<\/strong> - The File Permission settings and <code>.htaccess<\/code> configuration panel.","2":"<strong>Recommended File Permissions<\/strong> - Displays the recommended permissions for a secure WordPress setup."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[239739,1329,23853,600,1173],"plugin_category":[54],"plugin_contributors":[239740],"plugin_business_model":[],"class_list":["post-214443","plugin","type-plugin","status-closed","hentry","plugin_tags-file-permissions","plugin_tags-htaccess","plugin_tags-rest-api","plugin_tags-security","plugin_tags-wordpress-security","plugin_category-security-and-spam-protection","plugin_contributors-deeprahman","plugin_committers-deepwebdev"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/secure-setup_358b72.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Securing Setup<\/strong> helps protect your WordPress installation by:\n1. Allowing users to set recommended file permissions for directories and subdirectories.\n2. Automatically modifying the <code>.htaccess<\/code> file to:\n   - Protect the <code>debug.log<\/code> file from being accessed via the web.\n   - Restrict execution of specific file types (e.g., <code>.png<\/code>, <code>.jpg<\/code>), ensuring only selected file types are processed by the web server.\n3. Disabling sensitive WordPress endpoints such as:\n   - <code>system.multicall<\/code> from XML-RPC.\n   - The <code>users<\/code> endpoint in the REST API.<\/p>\n\n<p>The plugin is user-friendly and includes an easy-to-access settings page.<\/p>\n\n<p>You can view or contribute to the plugin's source code on GitHub:\n[GitHub Repository]https:\/\/github.com\/deeprahman\/sswp)<\/p>\n\n<h3>Features<\/h3>\n\n<ul>\n<li>Set directory and subdirectory permissions for enhanced security.<\/li>\n<li>Automate <code>.htaccess<\/code> file modifications.<\/li>\n<li>Disable potentially vulnerable endpoints.<\/li>\n<li>Tested with the latest version of WordPress.<\/li>\n<\/ul>\n\n<h3>Notes<\/h3>\n\n<p>After activation, the plugin adds a submenu named <strong>File Permission<\/strong> under the Tools menu, where you can configure settings.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>securing-setup<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Navigate to <strong>Tools &gt; File Permission<\/strong> to configure settings.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='what%20are%20recommended%20file%20permissions%3F'><h3>What are recommended file permissions?<\/h3><\/dt>\n<dd><p>The plugin will recommend secure file permissions (e.g., <code>755<\/code> for directories and <code>644<\/code> for files) to reduce risks from unauthorized access.<\/p><\/dd>\n<dt id='can%20i%20undo%20%60.htaccess%60%20modifications%3F'><h3>Can I undo `.htaccess` modifications?<\/h3><\/dt>\n<dd><p>Yes, the plugin provides options to revert changes made to the <code>.htaccess<\/code> file.<\/p><\/dd>\n<dt id='will%20this%20plugin%20break%20my%20media%20uploads%20or%20other%20file%20handling%3F'><h3>Will this plugin break my media uploads or other file handling?<\/h3><\/dt>\n<dd><p>No, you can configure which file types are allowed for execution by the web server, ensuring normal functionality.<\/p><\/dd>\n<dt id='what%20endpoints%20are%20disabled%20by%20this%20plugin%3F'><h3>What endpoints are disabled by this plugin?<\/h3><\/dt>\n<dd><p>The plugin disables:\n- The <code>system.multicall<\/code> function in XML-RPC to prevent potential attacks.\n- The <code>users<\/code> endpoint in the REST API to hide user enumeration.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Readme updated<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Added OS warning.<\/li>\n<li>Implemented REST API rate limiting.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>File permissions management for directories and files.<\/li>\n<li><code>.htaccess<\/code> customization for secure file handling.<\/li>\n<li>Disabled <code>system.multicall<\/code> and <code>users<\/code> REST endpoint for added protection.<\/li>\n<li><\/li>\n<\/ul>","raw_excerpt":"Enhance WordPress security by setting recommended file permissions, securing .htaccess, and disabling sensitive endpoints.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/214443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=214443"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/deepwebdev"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=214443"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=214443"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=214443"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=214443"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=214443"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=214443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}