The Security module in WP Adminify provides features to enhance the security of your WordPress site. This module allows you to customize login URLs, secure headers, manage comments, and more. Below is a detailed description of the available options.
Toggle: SHOW / HIDE
Description: Customize login and logout redirects based on user roles. This can help prevent unauthorized access and manage user navigation.
Login/Register URL:
Roles Redirect: You can set different redirect rules for login and logout actions. The available types are:
Login Redirect Settings
User Types: You can define redirection rules for different user types:
Role-Based Login Redirect
Adding Multiple Redirect Rules
To create multiple login redirects:
Click on Add New Login Redirect to set additional redirect rules for different user roles, usernames, or capabilities.
Example Usage
For instance, you can set the following rules:
Note
Description: Secure the WordPress frontend by removing potentially revealing information and unnecessary elements.
Disable XML-RPC => Prevent XML-RPC, which can be a security risk.
Remove WordPress Generator Version: Hide the WordPress version from the frontend. While you are on the page source of your website frontend, you will see "<meta name="generator" content="WordPress 6.6.1" />", it exposed your present WordPress version to the public. If you like to hide your WordPress version, just enable this option.
"<meta name="generator" content="WordPress 6.6.1" />"
Remove “<link rel=”EditURI”…>” from the head section: Before the generator version you will notice <link rel="EditURI" type="application/rsd+xml" title="RSD" href="your xmlrpc.php link" code, if you like to hide this then just enable the option.
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="your xmlrpc.php link"
Remove <link rel=”shortlink”…> from the head section: While you are on the page source of your single blog post or page, you may notice there is a shortlink like <link rel='shortlink' href='https://adminifyv2.local/?p=1' /> where the number 1 refers to the post ID. When someone visit this shortlink it redirect him to the post or page. But there are a lot of user who don’t want to increase their dom size and keep the page clean by removing this shortlink. Using this option, you can easily remove the shortlink.
<link rel='shortlink' href='https://adminifyv2.local/?p=1' />
Remove <link rel=”canonical” href=”https://www.site.com/some-url” /> from head section: Just like shortlink you will notice a canonical URL like <link rel="canonical" href="https://adminifyv2.local/2024/08/22/hello-world/" /> inside the page source before shortlink or after shortlink. This option helps you to remove the canonical URL and make your dom size minimal.
<link rel="canonical" href="https://adminifyv2.local/2024/08/22/hello-world/" />
Disable self-ping, i.e., from your site to your site when writing posts: Sometimes your dashboard comment got flooded with self ping notifications because you may do internal or external linking between your different sites. To prevent this, we have an option called “Disable self ping”, just input your website URLs one by one and save the settings.
Toggle: YES / NO
Description: Disable all RSS, Atom, and RDF feeds, including posts, categories, tags, comments, authors, and search. Redirect all feed URLs to prevent scraping.
Description: Control access to the WordPress REST API.
Description: Manage the display and functionality of comments on your site.
For Post Types: Enable for specific post types (Posts, Pages).
Options:
Description: Manage the redirection of unused archive pages to the homepage, and customize post display settings.
Description: Stop receiving emails about automatic updates for your WordPress site.
Description: Hide the language switcher option on the default WordPress login screen to streamline the login process.
Add some custom gravater image that express your brand and helps you to make something unique rather then default gravater.