These are advanced settings that may be utilized to further strengthen the security of your WordPress site.
Note: These settings block common forms of attacks but they can also block legitimate plugins and themes that rely on the same techniques. When activating the settings below, we recommend enabling them one by one to test that everything on your site is still working as expected.
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information about your site and serve no purpose to the public once WordPress has been successfully installed.
Prevents users from seeing a list of files in a directory when no index file is present.
Filter out hits with the TRACE, DELETE, or TRACK request methods.
Filter Suspicious Query Strings
Suspicious query strings are very often signs of someone trying to gain access to your site, but enabling this filter can also block some plugins and themes.
Filter out non-English characters from the query string. This should not be used on non-English sites and only works when "Filter Suspicious Query String" has been selected.
Long URL Strings
Limits the number of characters that can be sent in the URL. Hackers often take advantage of long URLs to try to inject information into your database.
File Writing Permissions
Prevents scripts and users from being able to write to the wp-config.php file and .htaccess file. Note that this plugin and many others can work around this restriction; however, it still makes the files more secure. Turning this on will set the UNIX file permissions to 0444 on these files, and turning it off will set the permissions to 0664.
Disable PHP execution in the Uploads, Plugins and Themes Directories
Enabling these features will prevent malicious scripts from being executed in these directories. If a script is somehow uploaded, trying to access it will result in a 403 error. This will not affect plugin or theme functionality.
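To confirm the file-permission and uploads settings above from the server side, the following added example (not code from the plugin) reports whether wp-config.php and .htaccess carry the 0444 mode and lists script files sitting under wp-content/uploads. The function names, the list of script extensions, and the sample directory tree are assumptions constructed for illustration.

```python
import stat
import tempfile
from pathlib import Path

PROTECTED_FILES = ("wp-config.php", ".htaccess")
LOCKED_MODE = 0o444  # mode the page gives for the setting turned on
SCRIPT_SUFFIXES = {".php", ".phtml", ".phar"}  # assumed list of PHP-handled extensions


def audit_permissions(root):
    """Return {filename: (octal mode string or None, status)} for the protected files."""
    report = {}
    for name in PROTECTED_FILES:
        path = Path(root) / name
        if not path.is_file():
            report[name] = (None, "missing")
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        # "writable" means at least one write bit is set, as with 0664.
        status = "locked" if mode == LOCKED_MODE else "writable" if mode & 0o222 else "other"
        report[name] = (format(mode, "04o"), status)
    return report


def find_uploaded_scripts(root):
    """List script files under wp-content/uploads, as paths relative to root."""
    uploads = Path(root) / "wp-content" / "uploads"
    return sorted(p.relative_to(root).as_posix() for p in uploads.rglob("*")
                  if p.is_file() and p.suffix.lower() in SCRIPT_SUFFIXES)


def build_sample_site(root):
    """Constructed sample tree: one locked file, one writable file, one stray script."""
    root = Path(root)
    uploads = root / "wp-content" / "uploads" / "2024"
    uploads.mkdir(parents=True)
    (root / "wp-config.php").write_text("<?php // constructed sample\n")
    (root / ".htaccess").write_text("# constructed sample\n")
    (uploads / "photo.jpg").write_bytes(b"\xff\xd8")
    (uploads / "avatar.PHP").write_text("<?php\n")
    (root / "wp-config.php").chmod(0o444)
    (root / ".htaccess").chmod(0o664)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        print(audit_permissions(tmp), find_uploaded_scripts(tmp))
```

Only the uploads directory is scanned because the plugins and themes directories legitimately contain PHP files; there the setting concerns direct requests to those files, which a filesystem check cannot show.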