WT Hardening

1.0.2

• Fix: Plugin URI now points to a public landing page on webmasters.team (the previous URL returned 404 during review).

1.0.1

• Fix: readme rewritten in English to satisfy the WordPress.org July 2025 policy.
• Fix: escape output in the event log admin page (EventsPage).
• Fix: replace parse_url() with wp_parse_url() in the XML-RPC module.
• Fix: prefix global variables in uninstall.php and add safe-query annotations.

1.0.0

First release.

• XML-RPC module (endpoint block plus methods filter).
• User enumeration blocker for the REST API.
• Author archive redirect.
• Hide WordPress version.
• Remove X-Pingback header.
• Generic login error message.
• Login attempt limiter with IP lockout.
• File editor disable.
• Strong password policy (length, mixed case, digits, symbols).
• Security HTTP headers (X-Frame, nosniff, Referrer-Policy, Permissions-Policy, HSTS).
• Event log (logins, users, plugins, theme, settings) with configurable retention.