A añadir en el fichero functions.php:
// Desactivamos Rest API
add_filter('json_enabled', '__return_false');
add_filter('json_jsonp_enabled', '__return_false');
function restrict_rest_api_to_localhost() {
die('REST API is disabled.');
}
add_action( 'rest_api_init', 'restrict_rest_api_to_localhost', 1 );
// Eliminamos las versiones visibles de wordpress
remove_action('wp_head', 'wp_generator');
// remove version from rss
add_filter('the_generator', '__return_empty_string');
// Añadimos directivas de seguridad en la cabecera
add_action( 'send_headers', 'add_header_security' );
function add_header_security() {
header( 'X-Content-Type-Options: nosniff' );
header( 'X-Frame-Options: SAMEORIGIN' );
header( 'X-XSS-Protection: 1' );
}