Viewing 1 replies (of 1 total)
  • Plugin Author Blobfolio

    (@blobfolio)

    Hi Stacy,

    Almost every option on the settings page includes a little (i) icon. Click those to learn more about what each option does.

    In case you already tried that and still don’t understand, here are some answers to your questions.

    Generator tag/readme.txt:
    The first step in a successful exploit is reconnaissance, and the most basic piece of information one could hope to gather is the particular software version. Since vulnerabilities tend to get fixed once exposed, the usefulness of a given attack depends on whether or not the target is still vulnerable. These two options remove two common means for identifying a WordPress site’s software version. There remain other means of obtaining that information so this isn’t a complete shutdown, but it does make a hacker’s job a little bit harder.

    Adjacent post meta:
    “Meta tags” are hidden descriptors buried in a web page’s code that help robots better understand the content. Most WordPress themes add tags for the previous and next pages (relative to the one being viewed). This in and of itself isn’t bad or dangerous, but can accidentally disclose content that a site operator didn’t mean to make public.

    XML-RPC:
    XML-RPC is used by a lot of third-party apps and web sites to manage a given WordPress installation (push posts, moderate comments, etc.). But it is also an avenue for numerous exploits, from XSS to brute-force logins, so it can be dangerous. If it isn’t actively used, it is best to just disable it.

  • The topic ‘Explanation of the core and template features?’ is closed to new replies.
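
A site operator can confirm that the generator tag and adjacent post meta options described in the reply took effect by auditing a rendered page. The following is an added example, not part of the reply or the plugin's code; `HeadAudit`, `audit_head` and both sample pages are hypothetical, and it assumes the tags appear as `<meta name="generator">` and `<link rel="prev|next">`.

```python
import re
from html.parser import HTMLParser

class HeadAudit(HTMLParser):
    """Collects the tags the generator-tag and adjacent-post options should remove."""

    def __init__(self):
        super().__init__()
        self.generators = []  # content of every <meta name="generator">
        self.adjacent = []    # (rel, href) for every rel=prev/next <link>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").strip().lower() == "generator":
            self.generators.append(a.get("content", ""))
        elif tag == "link":
            # rel is a space-separated token list, e.g. rel="prev prefetch"
            for rel in a.get("rel", "").lower().split():
                if rel in ("prev", "next"):
                    self.adjacent.append((rel, a.get("href", "")))

def audit_head(html):
    """Return what a rendered page still discloses; 'clean' means nothing found."""
    p = HeadAudit()
    p.feed(html)
    p.close()
    versions = [m.group(1) for g in p.generators
                for m in [re.search(r"WordPress\s+(\d+(?:\.\d+)*)", g, re.I)] if m]
    return {"generators": p.generators, "wp_versions": versions,
            "adjacent": p.adjacent,
            "clean": not p.generators and not p.adjacent}

# Constructed sample pages (not taken from any real site).
BEFORE = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
<link rel='prev' title='Unannounced draft' href='https://example.test/?p=41' />
<link rel="next" href="https://example.test/?p=43">
<link rel="stylesheet" href="/style.css">
</head><body></body></html>"""
AFTER = """<html><head>
<link rel="stylesheet" href="/style.css">
</head><body></body></html>"""

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_head(page))
```

Feed it the saved HTML of a few of your own pages after changing the settings; a result with `clean` set to false lists exactly which tags are still being emitted.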