Eingaben in der wp-config:
- wp-config Schreibrechte ändern auf 440
- File Edit deaktivieren:
HTTP headers to improve web site security plugin
First, that trac ticket is related to adding warnings in the Theme and Plugin Editors, to make folks more aware of the best practices for modifying (or not modifying) them. Second, on a fully default install, I just added define('DISALLOW_FILE_EDIT', true); to wp-config.php and I then saw the admin menu items to edit plugins and edit theme vanish, namely: Plugins – > Editor = /wp-admin/theme-editor.php Appearance -> Editor = /wp-admin/plugin-editor.php I went so far as to run the url’s directly and saw: Sorry, you are not allowed to access this page. So, on a default install it does in fact work as noted at: https://codex.wordpress.org/Editing_wp-config.php Try re-installing WordPress manually. Then switch to default theme, deactivate all plugins and try again. Note from Editing_wp-config Please note: the functionality of some plugins may be affected by the use of current_user_can(‘edit_plugins’) in their code. Plugin authors should avoid checking for this capability, or at least check if this constant is set and display an appropriate error message. Be aware that if a plugin is not working this may be the cause.
toller artikel: https://kinsta.com/de/blog/wordpress-security-plugins/#wp-fail2ban
evtl. Stop User Enumeration plugin