A añadir en el fichero functions.php:
// Desactivamos Rest API add_filter('json_enabled', '__return_false'); add_filter('json_jsonp_enabled', '__return_false'); function restrict_rest_api_to_localhost() { die('REST API is disabled.'); } add_action( 'rest_api_init', 'restrict_rest_api_to_localhost', 1 ); // Eliminamos las versiones visibles de wordpress remove_action('wp_head', 'wp_generator'); // remove version from rss add_filter('the_generator', '__return_empty_string'); // Añadimos directivas de seguridad en la cabecera add_action( 'send_headers', 'add_header_security' ); function add_header_security() { header( 'X-Content-Type-Options: nosniff' ); header( 'X-Frame-Options: SAMEORIGIN' ); header( 'X-XSS-Protection: 1' ); }