Security

The Security module in WP Adminify provides features to enhance the security of your WordPress site. This module allows you to customize login URLs, secure headers, manage comments, and more. Below is a detailed description of the available options.

Redirect URLs

Toggle: SHOW / HIDE

Description: Customize login and logout redirects based on user roles. This can help prevent unauthorized access and manage user navigation.

Login/Register URL:

  • New Login URL: Specify a custom URL for the login page to enhance security by hiding the default WordPress login URL.
  • Redirect Admin: Redirect non-logged-in users trying to access the admin area to a specified URL (e.g., a 404 page).
  • New Register URL: Customize the registration URL to guide new users to a specific registration page.
  • Enable Membership: Ensure the “Anyone can register” option is checked in WordPress settings for new user registration.

Roles Redirect: You can set different redirect rules for login and logout actions. The available types are:

  • Login Redirect: Redirect users after they log in based on their role, username, or capability.
  • Logout Redirect: Redirect users to a specific URL when they log out.

Login Redirect Settings

User Types: You can define redirection rules for different user types:

  • User Role: Redirect users based on their assigned role.
  • User Name: Redirect specific users by their username.
  • User Capability: Redirect users based on their capabilities.

Role-Based Login Redirect

  • Role: Select the role for which you want to set a redirect (e.g., Administrator, Editor, Subscriber).
  • Redirect URL: Specify the URL to which users of the selected role should be redirected after logging in. Ensure the URL is complete (e.g., https://yourwebsite.com/dashboard).

Adding Multiple Redirect Rules

To create multiple login redirects:

Click on Add New Login Redirect to set additional redirect rules for different user roles, usernames, or capabilities.

Example Usage

For instance, you can set the following rules:

  • Admin Role: Redirect to https://yourwebsite.com/admin-dashboard
  • Editor Role: Redirect to https://yourwebsite.com/editor-homepage
  • Specific User: Redirect a specific user (e.g., johndoe) to a unique page.

Note

  • Make sure to provide full URLs for the redirection to work correctly.
  • Use these settings cautiously, especially when redirecting critical user roles, to avoid navigation issues or access restrictions.

Header Security

Toggle: SHOW / HIDE

Description: Secure the WordPress frontend by removing potentially revealing information and unnecessary elements.

Disable XML-RPC: Turn off XML-RPC, which can be a security risk.

Remove WordPress Generator Version: Hide the WordPress version from the frontend. In the page source of your website's frontend you will see <meta name="generator" content="WordPress 6.6.1" />, which exposes your current WordPress version to the public. To hide your WordPress version, enable this option.


Remove <link rel="EditURI"…> from the head section: Before the generator version you will notice <link rel="EditURI" type="application/rsd+xml" title="RSD" href="your xmlrpc.php link" /> in the page source. To hide it, enable this option.

Remove <link rel="shortlink"…> from the head section: In the page source of a single blog post or page, you may notice a shortlink such as <link rel='shortlink' href='https://adminifyv2.local/?p=1' />, where the number 1 is the post ID. Anyone who visits this shortlink is redirected to the post or page. Many users prefer to keep the DOM small and the page clean by removing the shortlink, and this option removes it.

Remove <link rel="canonical" href="https://www.site.com/some-url" /> from the head section: As with the shortlink, you will notice a canonical URL such as <link rel="canonical" href="https://adminifyv2.local/2024/08/22/hello-world/" /> in the page source, just before or after the shortlink. This option removes the canonical URL and keeps your DOM size minimal.

Disable self-ping, i.e., from your site to your site when writing posts: Sometimes your dashboard comments get flooded with self-ping notifications because you link internally or between your different sites. To prevent this, use the “Disable self ping” option: enter your website URLs one by one and save the settings.


Feed Links

Toggle: YES / NO

Description: Disable all RSS, Atom, and RDF feeds, including posts, categories, tags, comments, authors, and search. Redirect all feed URLs to prevent scraping.


REST API

Toggle: SHOW / HIDE

Description: Control access to the WordPress REST API.

  • Disable REST API: Restrict access to the REST API for non-authenticated users.
  • Remove “X-Powered-By”: Hide the “X-Powered-By” header from server response HTTP headers.
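
To confirm that the Header Security, Feed Links and REST API options above took effect, the response headers and page source can be checked for the items they remove. The following Python check is an added example, not part of WP Adminify; `audit` and `HeadAudit` are hypothetical names, and the sample headers and HTML are constructed (the feed URL, EditURI URL and PHP version are made-up values).

```python
from html.parser import HTMLParser

# Head tags the options above remove (compared in lowercase).
LINK_RELS = {"edituri", "shortlink", "canonical"}
FEED_TYPES = {"application/rss+xml", "application/atom+xml", "application/rdf+xml"}

class HeadAudit(HTMLParser):
    """Collect <meta>/<link> tags that should be gone once the options are on."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator", a.get("content", "")))
        elif tag == "link":
            rels = set(a.get("rel", "").lower().split())
            for rel in sorted(rels & LINK_RELS):
                self.findings.append((rel, a.get("href", "")))
            if "alternate" in rels and a.get("type", "").lower() in FEED_TYPES:
                self.findings.append(("feed", a.get("href", "")))


def audit(headers, html):
    """Return (item, value) pairs still exposed in the headers and page source."""
    findings = [("x-powered-by", v) for k, v in headers.items()
                if k.lower() == "x-powered-by"]
    parser = HeadAudit()
    parser.feed(html)
    return findings + parser.findings

# Constructed sample: a response captured before any option is enabled.
BEFORE_HEADERS = {"Content-Type": "text/html; charset=UTF-8", "X-Powered-By": "PHP/8.2.0"}
BEFORE_HTML = """<html><head>
<link rel="alternate" type="application/rss+xml" href="https://adminifyv2.local/feed/" />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://adminifyv2.local/xmlrpc.php?rsd" />
<meta name="generator" content="WordPress 6.6.1" />
<link rel="canonical" href="https://adminifyv2.local/2024/08/22/hello-world/" />
<link rel='shortlink' href='https://adminifyv2.local/?p=1' />
</head><body></body></html>"""
# Constructed sample: the same page with every option enabled.
AFTER_HEADERS = {"Content-Type": "text/html; charset=UTF-8"}
AFTER_HTML = "<html><head><title>Hello world</title></head><body></body></html>"

if __name__ == "__main__":
    print("before:", audit(BEFORE_HEADERS, BEFORE_HTML))
    print("after: ", audit(AFTER_HEADERS, AFTER_HTML))
```

The check only inspects one rendered page and its headers; it does not test whether xmlrpc.php or the REST API still answer requests.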

Disable Comments

Toggle: SHOW / HIDE

Description: Manage the display and functionality of comments on your site.

For Post Types: Enable for specific post types (Posts, Pages).

Options:

  • Remove “Comments” from Admin Bar
  • Admin Menu “Comments” Redirect to “wp-admin”
  • Remove Admin Menu “Comments”
  • Remove Discussion Menu from “Settings > Discussion” Sub Menu
  • Close Comments from Front-end
  • Remove “Your email address will not be published…” from comment form template
  • Remove website Field (URL) from comment form template
  • Remove Link from Comment “Author Name” & replace to JavaScript?
  • Comments Content disable auto linking, display comments links as plain text, replace Comment Links to JavaScript?
  • Remove Hardcoded Styles for Recent Comments
  • Hide Existing Comments from Frontend

Post & Archives

Toggle: SHOW / HIDE

Description: Manage the redirection of unused archive pages to the homepage, and customize post display settings.

  • Display Last Post Updated Date
  • Remove Capital “P” Dangit
  • Redirect “Date Archives” Template to Homepage
  • Redirect “Author Archives” Template to Homepage
  • Redirect “Tag Archives” Template to Homepage
  • Redirect “Category Archives” Template to Homepage
  • Redirect “Post Format Archives” Template to Homepage
  • Redirect “Search Template” to Homepage

Disable Automatic Updates Emails

Toggle: YES / NO

Description: Stop receiving emails about automatic updates for your WordPress site.

Disable Login Screen Language Switcher

Toggle: YES / NO

Description: Hide the language switcher option on the default WordPress login screen to streamline the login process.

Custom Gravatar Images

Add a custom Gravatar image that expresses your brand and gives you something unique rather than the default Gravatar.
