Skip to Content
✨ v2.0.2 Released - See the release notes
DocumentationWordPress SettingsGeneral

General Settings

The General tab controls external access and security options.

External Access

SettingDefaultDescription
WP REST API✅ EnabledControls the WordPress REST API. When disabled, unauthenticated requests are blocked. Logged-in users retain access.
XML-RPC✅ EnabledControls the XML-RPC interface. When disabled, XML-RPC requests are blocked and the X-Pingback header is removed.

Disabling the REST API may break plugins that depend on it (e.g., Gutenberg, WooCommerce, Jetpack). Test your site after disabling.

Security

SettingDefaultDescription
Display WordPress version✅ EnabledShows the WordPress version in the HTML <head>. Disabling hides it from attackers.
Display Login error✅ EnabledShows detailed login error messages. Disabling shows a generic “Login error” message.
Display Authentication with email✅ EnabledAllows email-based login. Disabling forces username-only authentication.
Disable file editor❌ DisabledDisables the theme/plugin file editor in the admin. Recommended for production.
Disable author archives❌ DisabledRedirects ?author=N URLs to the homepage. Prevents user enumeration.
Disable Application Passwords❌ DisabledDisables the Application Passwords feature (WordPress 5.6+).
Last updated on
Dashboard WidgetAdmin
Scotty

Scotty is a free WordPress plugin for site maintenance, database optimization, and advanced settings control. Built with WPBones and Mantine UI. Download it from WordPress.org. You can also sponsor the development.

HIGHLIGHTS
WordPress.org
WPBones Framework
Mantine Extensions HUB
Blog
RESOURCES
Documentation
Getting Started
Release Notes
Support Forum
Raycast Extension
New
Roadmap
New
WP Bones AI
Discord
ECOSYSTEM
WP Bones Repository
WP Bones Plugin Boilerplate
Custom Post Boilerplate
New
WP Bones Docs
Actions & Filters for Javascript
Flags
Geolocalizer
Morris PHP
Pure CSS Tabs
Pure CSS Switch
User Agent
WP Tables

Made with ❤️ by Undolog

Hosted on Vercel

Built with Mantine