For me its just the “Anonymous Rest API” that is the big Seucrity threat, so I always disable that, but Allow XML-RPC.
Would it be an idea to put a “Risk Rating” for each Option like these? 9/10 being very dangerous and 1/10 not dangerous…
More details:
https://www.facebook.com/groups/ShieldSec/permalink/2911584865722805/