Title: Hard Boiled Security
Author: badegg
Published: 24 January 2026
Last modified: 24 January 2026

---


![](https://ps.w.org/hard-boiled-security/assets/icon.svg?rev=3446103)

# Hard Boiled Security

 By [badegg](https://profiles.wordpress.org/badegg/)

[Download](https://downloads.wordpress.org/plugin/hard-boiled-security.1.0.1.zip)


## Description

**Hard Boiled Security** stands in contrast to the many heavily marketed security
plugins available for WordPress. Rather than providing a barrage of configuration
options and intrusive prompts and upsells, we silently close the most common security
vulnerabilities.

This plugin was inspired by many painful situations we helped people out of over
the years and developed to help people who do not code secure their websites with
minimal effort.

### Plugin Features

 * Zero configuration, hardens security just by activating
 * Disables all file editing within WordPress Admin.
 * Pingbacks and Trackbacks are disabled on all existing and future posts.
 * Prevents username exposure by ensuring each user's nice name, which is used in
   their profile URL and REST API endpoint, is not their username. Those with the
   `list_users` capability can change this if needed.
 * Tested and working with [Roots.io’s Bedrock](https://roots.io/bedrock) directory
   structure as a mu-plugin.
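
An added example, not the plugin's own code: a Python audit that takes user records shaped like the JSON from WP-CLI's `wp user list --format=json` and reports accounts whose nice name still equals, or is the default slug derived from, the login. The sample records and the `default_nicename` approximation of WordPress's slug rules (ASCII logins only) are assumptions made for this example.

```python
import json
import re

# Constructed sample, shaped like the JSON printed by
# `wp user list --fields=ID,user_login,user_nicename,roles --format=json`.
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "admin", "user_nicename": "admin", "roles": "administrator"},
    {"ID": 2, "user_login": "jane.doe", "user_nicename": "jane-doe", "roles": "editor"},
    {"ID": 3, "user_login": "sam@example.com", "user_nicename": "samexample-com", "roles": "author"},
    {"ID": 4, "user_login": "m.rossi", "user_nicename": "staff-writer", "roles": "administrator"},
])


def default_nicename(login):
    """Approximate the slug WordPress derives from a login (assumption: ASCII logins only)."""
    slug = login[:50].lower().replace(".", "-")
    slug = re.sub(r"[^a-z0-9 _-]", "", slug)  # drop characters a slug cannot hold
    slug = re.sub(r"\s+", "-", slug)
    return re.sub(r"-+", "-", slug).strip("-")


def audit_nicenames(users_json):
    """Return users whose author slug still gives away their login name."""
    findings = []
    for user in json.loads(users_json):
        login, nicename = user["user_login"], user["user_nicename"]
        if nicename.lower() == login.lower():
            reason = "slug equals login"
        elif nicename == default_nicename(login):
            reason = "slug is the default derived from login"
        else:
            continue  # nice name was changed to something unrelated to the login
        findings.append({
            "id": user["ID"],
            "slug": nicename,
            "reason": reason,
            "admin": "administrator" in user["roles"].split(","),
        })
    # Administrator accounts first: their logins are the most valuable to hide.
    return sorted(findings, key=lambda f: (not f["admin"], f["id"]))


if __name__ == "__main__":
    for finding in audit_nicenames(SAMPLE_USERS):
        print(finding)
```

Running the same check before and after activating a hardening plugin shows which author and REST API slugs still need changing.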

### Planned features

There is more we can do to harden your WordPress website’s security. The features
we will implement in the future will also be opinionated and require little to no
configuration.

 * Block brute force attacks by limiting failed login attempts within a reasonable
   timeframe
 * Prevent email server spam and abuse by limiting password reset requests
 * Logging when brute force and spam prevention measures are triggered with optional
   opt-in email notifications

### Keep it secret, keep it safe

This plugin is not a magic fix-all security solution. We don’t believe any plugin
can do that.

Website security, regardless of platform, requires careful consideration of common
security principles around access and permissions: always using strong passwords,
never reusing them across multiple websites, and limiting administrator accounts
to those who actually need them. So many WordPress websites are compromised
because administrator access is given out where the editor role is perfectly sufficient.
Even if you are the website owner, using an editor account for your daily activities
is a good idea.

### What to do to stay secure beyond using this plugin

 * Strong, unique, randomised passwords.
 * Fewer administrator accounts given only to those that need access to how the 
   website works.
 * Use editor accounts or lower for regular content updates where possible.
 * Ensure the plugins and themes you use have been updated within the last few months.
 * Abandoned themes or plugins will not be updated if security vulnerabilities are
   found, so replace them.

### Why this plugin may not be for you

This is an opinionated plugin built around our assumptions. These assumptions are
based on our experiences over 15 years of building WordPress websites and may go
against your workflow or philosophy.

One of the main reasons we wrote this plugin is to create an easy way for people
to disable the built-in file editor in the WordPress admin. A compromised administrator
account can easily add malicious code to any theme or plugin and it can be very 
difficult to detect and locate it. This is the main reason we disable this feature
outright. Secondly, if you’re writing code, we consider it to be bad practice to
edit files directly in a production environment (i.e., a live website).

## Reviews

There are no reviews for this plugin.

## Contributors and development

“Hard Boiled Security” is open source software. The people who have contributed
to the development of this plugin are listed below.

Contributors

 * [badegg](https://profiles.wordpress.org/badegg/)

[Translate “Hard Boiled Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/hard-boiled-security)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/hard-boiled-security/),
check out the [SVN repository](https://plugins.svn.wordpress.org/hard-boiled-security/),
or follow the [development log](https://plugins.trac.wordpress.org/log/hard-boiled-security/)
by [RSS](https://plugins.trac.wordpress.org/log/hard-boiled-security/?limit=100&mode=stop_on_copy&format=rss).

## Meta

 * Version **1.0.1**
 * Last updated **4 months ago**
 * Active installations **Fewer than 10**
 * WordPress version **6.9 or higher**
 * Tested up to version **6.9.4**
 * PHP version **8.1 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/hard-boiled-security/)
 * Tag: [security](https://it.wordpress.org/plugins/tags/security/)
 * [Advanced view](https://it.wordpress.org/plugins/hard-boiled-security/advanced/)

## Support

Have something to say? Need help?

 [Ask in the support forum](https://wordpress.org/support/plugin/hard-boiled-security/)