This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Zorro – WordPress


Attention: If you use WP Super Cache the HTTP-Headers will always overwritten and all header adjustments by WP Zorro will not work.

With Zorro you will enable some basic security settings for your WordPress installation. The current version adds
the following features:

  • removes version indicator from html head and rss feed
  • removes version parameter from enqueued styles and scripts
  • disables text from login screen which can used to brute force usernames
  • removes pingback, super cache and x powered by header
  • adds x-frame-option with SAMEORIGIN policy

More features will hopefully come in future versions


You can just download to plugin through the WordPress Plugin Repository or install it manually:

  1. Upload zorro.php to the /wp-content/plugins/zorro directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Done.


Does this plugin secures me 100%?

No. It just helps you to add some basic security settings. Depending on your plugins and themes you might be at risk anyway.

Contributors & Developers

“Zorro – WordPress” is open source software. The following people have contributed to this plugin.


Translate “Zorro – WordPress” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Fixed some issues and


  • Initial release with some basic settings