isset( $_POST['header_x_frame'] ), 'header_content_type' => isset( $_POST['header_content_type'] ), 'header_referrer' => isset( $_POST['header_referrer'] ), 'header_permissions' => isset( $_POST['header_permissions'] ), 'header_xss' => isset( $_POST['header_xss'] ), 'hide_wp_version' => isset( $_POST['hide_wp_version'] ), 'block_user_enum' => isset( $_POST['block_user_enum'] ), 'disable_login_errors' => isset( $_POST['disable_login_errors'] ), 'disable_xmlrpc' => isset( $_POST['disable_xmlrpc'] ), 'force_ssl' => isset( $_POST['force_ssl'] ), 'file_editing_disabled' => isset( $_POST['file_editing_disabled'] ), ); Bearmor_Hardening::save_settings( $settings ); $success_message = 'Settings saved successfully!'; $just_saved = true; } // Handle quick actions if ( isset( $_POST['bearmor_apply_recommended'] ) && check_admin_referer( 'bearmor_hardening_quick' ) ) { Bearmor_Hardening::apply_recommended(); $success_message = 'Recommended hardening applied!'; $just_saved = true; } if ( isset( $_POST['bearmor_disable_all'] ) && check_admin_referer( 'bearmor_hardening_quick' ) ) { Bearmor_Hardening::disable_all(); $success_message = 'All hardening disabled!'; $just_saved = true; } // Get status $status = Bearmor_Hardening::get_hardening_status(); // Override file_editing_disabled with what user JUST clicked (if they just saved) if ( $just_saved && isset( $_POST['bearmor_save_hardening'] ) && isset( $settings ) ) { $status['file_editing_disabled'] = $settings['file_editing_disabled']; } // Enqueue CSS and dashicons wp_enqueue_style( 'dashicons' ); wp_enqueue_style( 'bearmor-dashboard', plugins_url( 'assets/css/dashboard.css', dirname( __FILE__ ) ), array(), '1.0.0' ); ?>

Security Hardening

Quick Actions

Enables all security headers and safe hardening options

Hardening Options

Hide WordPress Version	> Removes version info from HTML
Block User Enumeration	> Prevents `?author=` queries from revealing usernames
Disable Verbose Login Errors	> Shows generic error instead of specific messages
Force SSL (HTTPS)	> Redirects all HTTP requests to HTTPS Redirects all HTTP requests to HTTPS (SSL not detected)
Disable XML-RPC	> Disables XML-RPC functionality (May break Jetpack, mobile apps)
Disable File Editing	> Prevents editing themes/plugins from WordPress admin (Modifies wp-config.php)
WP_DEBUG Status	disabled> Debug mode disabled (Currently enabled - edit wp-config.php manually) (Disabled)

Security Headers

HTTP headers that protect against common attacks. All enabled by default.

X-Frame-Options	> Prevents clickjacking attacks (blocks iframe embedding)
X-Content-Type-Options	> Prevents MIME-type sniffing
Referrer-Policy	> Controls referrer information
Permissions-Policy	> Blocks camera/microphone access
X-XSS-Protection	> Legacy XSS protection