Auto Fixer Module

Disable Anyone can register

The fix will disable the "Anyone can register" option

Change WordPress installation address

WordPress installation address will be changed, so it's not the same as the site address. Please log in again after the fix is applied

Fix weak user passwords

This fix can change the password for users that have a weak one.

Hide unnecessary information on failed login attempts

A universal "wrong username or password" message without any details will be displayed on all failed login attempts.

Update wp-config.php permissions

wp-config.php file permissions will be changed to an optimal value (0440).

Move wp-config.php

Move the wp-config.php file one level up in the folder structure. This makes it more difficult for scripts to read values from. This file is critical to your website and your security as it holds database passwords and other relevant information.

Enable automatic WordPress core updates

The fix will enable automatic WordPress core updates.

Update WordPress Database Password

Update the WordPress database password to a stronger one.

Change database table prefix

Knowing the names of your database tables can help an attacker dump the table's data and get to sensitive information like password hashes.
Since WP table names are predefined, the only way you can change table names is by using a unique prefix.

 

You should choose something that is different from "wp_" or any similar variation such as "wordpress_".

Delete inactive plugins

Fix will delete inactive plugins. There is NO undo.

Delete unused themes

Fix will delete unused themes. There is NO undo.

Enable automatic WordPress core updates

The fix will disable the general debug mode.

Disable plugins/themes file editor

Fix will disable the plugins- and themes file-editor.

Change user ID 1

This fix will change the ID of the user with the ID "1" to the next available ID in the users' table. You will need to log in again after this fix is applied.

Rename install.php

Rename install.php, so it is not accessible on the default location.

Update Outdated Plugins

Update all plugins to the latest version.

Remove readme.html file

the readme.html file will be renamed so it is not available on the default location.

Disable XMLRPC

If you are not using any Really Simple Discovery services such as pingbacks, there is no need to advertise that endpoint (link) in the header.

Please note that for most sites this is not a security issue because they "want to be discovered," but if you want to hide the fact that you are using WordPress, this fix will help.

Regenerate WordPress Security keys

This fix will regenerate all WordPress security/hash keys. After the fix is applied, you will be asked to log in again.

Update Outdated Themes

Fix will update all themes to the latest version.

Rename upgrade.php

Rename upgrade.php, so it is not accessible on the default location.

Make uploads folder non-browsable

The fix will modify the uploads folder, so it is not browsable, this prevents attackers from finding more details about your website and to find any files that they could target for an attack.

Change admin username

This fix will change the admin username to something else - the "admin" username is way too common and often used for attacks.

Once the fix is applied, you will need to log in again with the new username. Password will not be changed.

Prevent usernames discovery via user IDs

Modify your .htaccess file by adding rules to prevent redirections from your site.com/?author={id} to yoursite.com/author/username

Update Wordpress

Fix will update WordPress to the latest version.

Windows Live Writer Link

Remove Windows Live Writer link from the header.