非公開のリソースを非表示にしてワードプレスのセキュリティを向上させる

Question

私はワードプレスから新しいと私は非公開のリソースを隠すことによってワードプレスマルチサイトのセキュリティを向上させたい。 wp-admin、wp-configなど.

私の設定はうまくいくようですが、この設定で何かが壊れる可能性があるかどうかわかりません（コア機能、一般的なプラグインなど）

私の設定は一般的には良いですか？
私の設定は本当のセキュリティを向上させるか、私は私の時間を無駄にしていますか？

httpd-vhosts.conf（Apache）

# Disallow public access php for .htaccess and .htpasswd files <Files ".ht*"> Require all denied </Files> # Disallow public access for *.php files in upload directory <Directory "/htdocs/wp-content/uploads/"> <Files "*.php"> deny from all </Files> </Directory> # Disallow public access for... <Files "wp-config.php"> order allow,deny deny from all </Files> <Files "readme.html"> order allow,deny deny from all </Files> <Files "license.html"> order allow,deny deny from all </Files> <Files "license.txt"> order allow,deny deny from all </Files> # Because we do not use any remote connections to publish on WP <Files "xmlrpc.php"> order allow,deny deny from all </Files>

.htaccess

RewriteEngine On RewriteBase / # List of ACME company IP Address SetEnvIf Remote_Addr "^127\.0\.0\." NETWORK=ACME SetEnvIf Remote_Addr "^XX\.XX\.XX\.XX$" NETWORK=ACME SetEnvIf Remote_Addr "^XX\.XX\.XX\.XX$" NETWORK=ACME SetEnvIf Remote_Addr "^XX\.XX\.XX\.XX$" NETWORK=ACME # Disallow access to wp-admin and wp-login.php RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax\.php$ # allow fo admin-ajax.php RewriteCond %{ENV:NETWORK} !^ACME$ # allow for ACME RewriteCond %{SCRIPT_FILENAME} ^(.*)?wp-login\.php$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin\/ RewriteRule ^(.*)$ - [R=403,L] # Block user enumeration RewriteCond %{REQUEST_URI} ^/$ RewriteCond %{QUERY_STRING} ^/?author=([0-9]*) RewriteRule ^(.*)$ / [L,R=301] # Block the include-only files. # see: http://codex.wordpress.org/Hardening_WordPress (Securing wp-includes) RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] #RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] # Comment for Multisite RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L]

function.php

<?php // Remove unnecessary meta tags // <meta name="generator" content="WordPress 4.1" /> remove_action('wp_head', 'wp_generator'); // Disable WordPress Login Hints function no_wordpress_errors(){ return 'GET OFF MY LAWN !! RIGHT NOW !!'; } add_filter( 'login_errors', 'no_wordpress_errors' );

wp-config.php

<?php define('DISALLOW_FILE_EDIT', true); define('DISALLOW_FILE_MODS', true);

sunilsingh · Answer

remove_action()を使用すると、不要なリンクを削除することができます。

remove_action('wp_head', 'rsd_link'); //removes EditURI/RSD (Really Simple Discovery) link. remove_action('wp_head', 'wlwmanifest_link'); //removes wlwmanifest (Windows Live Writer) link. remove_action('wp_head', 'wp_generator'); //removes meta name generator. remove_action('wp_head', 'wp_shortlink_wp_head'); //removes shortlink. remove_action( 'wp_head', 'feed_links', 2 ); //removes feed links. remove_action('wp_head', 'feed_links_extra', 3 ); //removes comments feed.