Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3374742

Timestamp:

10/08/2025 02:09:25 AM (5 months ago)

Author:

chrmrtns

Message:

Update readme.txt with security hardening features documentation

Add comprehensive Security Hardening section
Highlight XML-RPC Disable, Application Passwords Control, and User Enumeration Prevention
Update heading from 'Why Choose Passwordless Login?' to 'Why Choose Keyless Auth?'
Add security features to Advanced Security list
Improve plugin visibility and branding

Location:

keyless-auth

Files:

: 2 edited

tags/2.7.0/readme.txt (modified) (4 diffs)
trunk/readme.txt (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

keyless-auth/tags/2.7.0/readme.txt

-                      r3374737
+                      r3374742
 Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It's more secure than weak passwords and infinitely more user-friendly.
 = Why Choose Passwordless Login? =
+= Why Choose Keyless Auth? =
 * **Enhanced Security**: No more weak, reused, or compromised passwords
 …
 * **Reduced Support**: Eliminate "forgot password" requests
 * **Modern Authentication**: Enterprise-grade security used by Slack, Medium, and others
+* **Security Hardening**: Built-in protection against brute force attacks and username enumeration
 = Quick Start =
 …
 * **Emergency Mode**: Grace period system with admin controls
 * **Secure Storage**: SMTP credentials in wp-config.php option
+* **XML-RPC Disable**: Block brute force attacks via XML-RPC interface
+* **Application Passwords Control**: Disable programmatic authentication when not needed
+* **User Enumeration Prevention**: Block username discovery attacks
 **Customization**
 …
 * Device tracking and IP monitoring
 * Automatic maintenance and cleanup routines
+= Security Hardening =
+Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site's needs.
+**XML-RPC Disable**
+* Prevents brute force attacks via WordPress XML-RPC interface
+* Reduces attack surface by disabling legacy API
+* Recommended for sites not using Jetpack, mobile apps, or pingbacks
+**Application Passwords Control**
+* Disable REST API and XML-RPC authentication when programmatic access isn't needed
+* Prevents unauthorized API access
+* Recommended for simple sites without third-party integrations
+**User Enumeration Prevention**
+* Blocks REST API user endpoints (`/wp-json/wp/v2/users`)
+* Redirects author archives and `?author=N` queries
+* Removes login error messages that reveal usernames
+* Strips comment author CSS classes
+* Removes author data from oEmbed responses
+* Recommended for business/corporate sites without author profiles
+**Benefits**
+* Combined protection against brute force attacks
+* Prevents username discovery for targeted attacks
+* Reduces unauthorized API access
+* Easy to configure without code or .htaccess modifications
+* All features include comprehensive documentation
+* FTP recovery available if needed
 = SMTP & Email Delivery =

keyless-auth/trunk/readme.txt

-                      r3374737
+                      r3374742
 Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It's more secure than weak passwords and infinitely more user-friendly.
 = Why Choose Passwordless Login? =
+= Why Choose Keyless Auth? =
 * **Enhanced Security**: No more weak, reused, or compromised passwords
 …
 * **Reduced Support**: Eliminate "forgot password" requests
 * **Modern Authentication**: Enterprise-grade security used by Slack, Medium, and others
+* **Security Hardening**: Built-in protection against brute force attacks and username enumeration
 = Quick Start =
 …
 * **Emergency Mode**: Grace period system with admin controls
 * **Secure Storage**: SMTP credentials in wp-config.php option
+* **XML-RPC Disable**: Block brute force attacks via XML-RPC interface
+* **Application Passwords Control**: Disable programmatic authentication when not needed
+* **User Enumeration Prevention**: Block username discovery attacks
 **Customization**
 …
 * Device tracking and IP monitoring
 * Automatic maintenance and cleanup routines
+= Security Hardening =
+Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site's needs.
+**XML-RPC Disable**
+* Prevents brute force attacks via WordPress XML-RPC interface
+* Reduces attack surface by disabling legacy API
+* Recommended for sites not using Jetpack, mobile apps, or pingbacks
+**Application Passwords Control**
+* Disable REST API and XML-RPC authentication when programmatic access isn't needed
+* Prevents unauthorized API access
+* Recommended for simple sites without third-party integrations
+**User Enumeration Prevention**
+* Blocks REST API user endpoints (`/wp-json/wp/v2/users`)
+* Redirects author archives and `?author=N` queries
+* Removes login error messages that reveal usernames
+* Strips comment author CSS classes
+* Removes author data from oEmbed responses
+* Recommended for business/corporate sites without author profiles
+**Benefits**
+* Combined protection against brute force attacks
+* Prevents username discovery for targeted attacks
+* Reduces unauthorized API access
+* Easy to configure without code or .htaccess modifications
+* All features include comprehensive documentation
+* FTP recovery available if needed
 = SMTP & Email Delivery =

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3374742

Legend:

keyless-auth/tags/2.7.0/readme.txt

keyless-auth/trunk/readme.txt

Download in other formats: