Inspired by Apple’s Lockdown Mode for their operating systems, the Lockdown Mode plugin for WordPress disables various functionality that could be abused by a hacker when combined with a vulnerability in a plugin. As the functionality is disabled, it impacts normal usage of various functionality, so it isn’t designed for general usage, but this provides an ability to limit access to WordPress functionality short of going headless. For those looking to continue to access the functionality, but want to better protect against vulnerability exploitation, our Plugin Firewall Plugin restricts most exploitation while allowing legitimate usage.
The plugin restricts the following activity:
- Changes to sensitive settings (options)
- Media deletion
- Plugin installation and deletion
- Post deletion
- User role changes
- User registration
- Theme installation and deletion
- Blocking outbound requests from the website other than default requests from WordPress
There are future planned additions to disable logging in to WordPress. If you have other ideas for restrictions, please get in touch with.