Is Security Hardener free?

Yes, Security Hardener is free to use. It is available as a free plugin on WordPress.org.

How many websites use Security Hardener?

Security Hardener has 100 active installations as tracked by WordPress.org.

What are the best Security Hardener alternatives?

Popular alternatives to Security Hardener include Headers Security Advanced & HSTS WP, WP Hide & Security Enhancer, Unique Headers. You can compare them side-by-side on our comparison pages.

Does Security Hardener work with the latest WordPress?

Security Hardener has been tested up to WordPress 6.9.4. It requires WordPress 6.9+ and PHP 8.2+.

PluginSift

Security Hardener

Name: Security Hardener
Author: Marc Armengou

Basic hardening: secure headers, login honeypot, user enumeration blocking, generic login errors, rate limiting, and more.

By Marc Armengou·Headers·Free

·100 active installs·Updated 2 days ago

Download Visit Homepage Compare

As of April 2026, Security Hardener is a WordPress headers plugin with 100 active installations and a 0/5 rating0. It has been downloaded 891 times in total. Requires WordPress 6.9+ and PHP 8.2+. Available on WordPress.org since 2025. Actively maintained — updated within the last month. Top alternative: Headers Security Advanced & HSTS WP.

0/5Rating

100active installs

891total downloads

1 yearsince 2025

Overview

Security Hardener applies WordPress security best practices based on the WordPress Advanced Administration / Security / Hardening documentation and widely accepted hardening measures. It uses WordPress core functions and follows best practices without modifying core files.

Key Features

File Security:
* Disable file editor in WordPress admin
* Optionally disable all file modifications (blocks updates – use with caution)

XML-RPC Protection:
* Disable XML-RPC completely (enabled by default)
* Remove pingback methods when XML-RPC is enabled

Pingback Protection:
* Disable self-pingbacks
* Remove X-Pingback header
* Block incoming pingbacks

User Enumeration Protection:
* Block /?author=N queries (returns 404)
* Secure REST API user endpoints (require authentication)
* Remove users from XM…

Read full description on WordPress.org

Ratings & Reviews

00 reviews

5 ★

4 ★

3 ★

2 ★

1 ★

Compatibility

WordPress	6.9+ requiredTested up to 6.9.4
PHP	8.2+ required

Top Alternatives to Security Hardener

Headers Security Advanced & HSTS WP

4.990K+ installsUpdated 2 weeks ago

View Compare

WP Hide & Security Enhancer

4.350K+ installsUpdated 4 weeks ago

View Compare

Unique Headers

4.920K+ installsUpdated 2 years ago

View Compare

Redirect

55.0K+ installsUpdated 8 years ago

View Compare

Add Custom Header Images

4.7500 installsUpdated 1 year ago

View Compare

View all headers plugins →

Frequently Asked Questions

Changelog

2.2.0 – 2026-04-01

Added: Login honeypot — a hidden field added to the login form that silently blocks bots before any credential check.
Added: Block author feeds — optionally blocks /author/username/feed/ pages that can confirm existing usernames.
Added: Disable Application Passwords — disables REST API authentication via Application Passwords; enabled by default.
Added: System Status section — replaces the separate File Permissions section; shows file permissions and WP_DEBUG status in a unified table, always visible with with color-coded indicators.
Added: Two new items to the hardening checklist — disable display_errors in PHP configuration, and disable WP_DEBUG_DISPLAY on live sites.

View full changelog on WordPress.org

Contributors

Marc Armengou

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.

Security Hardener

Basic hardening: secure headers, login honeypot, user enumeration blocking, generic login errors, rate limiting, and more.

By Marc Armengou·Headers·Free

·100 active installs·Updated 2 days ago

Download Visit Homepage Compare

0/5Rating

100active installs

891total downloads

1 yearsince 2025

Overview

Key Features

File Security:
* Disable file editor in WordPress admin
* Optionally disable all file modifications (blocks updates – use with caution)

XML-RPC Protection:
* Disable XML-RPC completely (enabled by default)
* Remove pingback methods when XML-RPC is enabled

Pingback Protection:
* Disable self-pingbacks
* Remove X-Pingback header
* Block incoming pingbacks

User Enumeration Protection:
* Block /?author=N queries (returns 404)
* Secure REST API user endpoints (require authentication)
* Remove users from XM…

Read full description on WordPress.org

Ratings & Reviews

00 reviews

5 ★

4 ★

3 ★

2 ★

1 ★

Compatibility

WordPress	6.9+ requiredTested up to 6.9.4
PHP	8.2+ required

Top Alternatives to Security Hardener

Headers Security Advanced & HSTS WP

4.990K+ installsUpdated 2 weeks ago

View Compare

WP Hide & Security Enhancer

4.350K+ installsUpdated 4 weeks ago

View Compare

Unique Headers

4.920K+ installsUpdated 2 years ago

View Compare

Redirect

55.0K+ installsUpdated 8 years ago

View Compare

Add Custom Header Images

4.7500 installsUpdated 1 year ago

View Compare

View all headers plugins →

Frequently Asked Questions

Changelog

2.2.0 – 2026-04-01

Added: Login honeypot — a hidden field added to the login form that silently blocks bots before any credential check.
Added: Block author feeds — optionally blocks /author/username/feed/ pages that can confirm existing usernames.
Added: Disable Application Passwords — disables REST API authentication via Application Passwords; enabled by default.
Added: System Status section — replaces the separate File Permissions section; shows file permissions and WP_DEBUG status in a unified table, always visible with with color-coded indicators.
Added: Two new items to the hardening checklist — disable display_errors in PHP configuration, and disable WP_DEBUG_DISPLAY on live sites.

View full changelog on WordPress.org

Contributors

Marc Armengou

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.