WordPress Config Hardening

Mar 10, 2026 | Steel Security

Several WordPress constants can significantly improve security. Steel Security checks whether these are configured safely.

  • DISALLOW_FILE_EDIT prevents file editing through the WordPress admin interface.
  • DISALLOW_FILE_MODS disables plugin and theme installation via the admin panel.
  • FORCE_SSL_ADMIN helps ensure secure administrative logins.

Steel Security also checks for potential exposure of XML-RPC endpoints and WordPress version information. Proper configuration reduces common exploitation paths.
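
As an added illustration (not Steel Security's own code), the sketch below audits wp-config.php text for the three constants listed above. The function names, status labels and sample file are constructed for this example; it treats only a literal true or 1 as enabled and ignores commented-out lines.

```python
import re

# Constants named in the article; each should be defined as true.
REQUIRED = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS", "FORCE_SSL_ADMIN")

# Matches define('NAME', value); PHP function names are case-insensitive.
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.IGNORECASE)

def strip_comments(php):
    """Drop /* */ blocks and whole-line // or # comments, so that
    commented-out defines are not counted. (Simplification: a define
    hidden after code on the same line is not detected.)"""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"^\s*(//|#).*$", "", php, flags=re.M)

def classify(raw):
    """Map the PHP value expression to a status label."""
    v = raw.strip().lower()
    if v in ("true", "1"):
        return "enabled"
    if v in ("false", "0"):
        return "disabled"
    # Quoted strings, getenv() calls, expressions: needs manual review.
    return "unclear"

def audit(php):
    """Return {constant: enabled | disabled | unclear | missing}."""
    found = {}
    for name, raw in DEFINE_RE.findall(strip_comments(php)):
        # PHP keeps the first definition; later redefinitions are ignored.
        found.setdefault(name, classify(raw))
    return {name: found.get(name, "missing") for name in REQUIRED}

# Constructed sample wp-config.php, not taken from a real site.
SAMPLE = """<?php
define( 'DB_NAME', 'wordpress' );
// define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_MODS', false );
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_ADMIN', false);
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```

Anything reported as missing, disabled or unclear is a line to review by hand in the site's wp-config.php.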