helsingborg-stad / wpmu-security
A WordPress MU Plugin for security enhancements
Type: wordpress-muplugin
Requires
Requires (Dev)
- brain/monkey: ^2.6
- codedungeon/phpunit-result-printer: ^0.31.0
- php-stubs/wordpress-stubs: ^6.8
- phpunit/phpunit: ^9.5
This package is auto-updated.
Last update: 2025-06-18 07:33:52 UTC
README
A lightweight WordPress plugin focused on modern security hardening best practices without unnecessary bloat.
🚀 Features
- ✅ Generic login error messages (prevent user enumeration)
- ✅ Generic password reset responses
- ✅ HTTP Strict Transport Security (HSTS)
- ✅ CORS configuration
- ✅ Subresource Integrity (SRI) for scripts and styles
- ✅ XML-RPC disabling
- ✅ Comment sanitization (anti-XSS)
- ✅ Content Security Policy (CSP)
⚙️ Configuration
This plugin is designed to be hassle-free. However, if you would like to add domains to the Content Security Policy that are not detected automatically, use the following filter:
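```php
add_filter(
    'WpSecurity/Csp',
    function ($domains) {
        // Create the directive's source list if nothing has been detected for it yet.
        if (!isset($domains['connect-src'])) {
            $domains['connect-src'] = [];
        }
        // Append the additional allowed origins for connect-src.
        $domains['connect-src'][] = 'https://*.domain.com';
        $domains['connect-src'][] = 'https://*.domain.net';
        return $domains;
    }
);
```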
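The same filter with each source validated before it reaches the policy, so a typo or an over-broad entry cannot silently weaken the CSP. This is an added example, not the plugin's own code: the `example_*` function names and the `example.*` hosts are constructed for illustration, and it assumes `$domains` is the directive-to-source-list array shown in the snippet above.

```php
<?php
// Added example: validate extra CSP sources before passing them to the
// 'WpSecurity/Csp' filter. Function names and hosts are hypothetical.

/**
 * Accept only https:// sources with at least one label before the TLD.
 * A leading "*." subdomain wildcard is allowed; a bare "*" or "https://*" is not.
 */
function example_is_safe_csp_source(string $source): bool
{
    $pattern = '~^https://(\*\.)?([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(:\d{1,5})?$~i';
    return preg_match($pattern, $source) === 1;
}

/**
 * Merge validated sources into the directive => sources map without duplicates.
 */
function example_merge_csp_sources(array $domains, array $extra): array
{
    foreach ($extra as $directive => $sources) {
        if (!isset($domains[$directive]) || !is_array($domains[$directive])) {
            $domains[$directive] = [];
        }
        foreach ($sources as $source) {
            if (!example_is_safe_csp_source($source)) {
                // Skip the entry rather than loosen the policy, and leave a trace.
                error_log("CSP source rejected for {$directive}: {$source}");
                continue;
            }
            if (!in_array($source, $domains[$directive], true)) {
                $domains[$directive][] = $source;
            }
        }
    }
    return $domains;
}

// Constructed sample input: the last two entries are rejected by the validator.
$extraSources = [
    'connect-src' => ['https://api.example.com', 'https://*.example.net', 'http://api.example.com', '*'],
];

// add_filter() only exists inside WordPress; the guard lets the file load stand-alone.
if (function_exists('add_filter')) {
    add_filter('WpSecurity/Csp', function ($domains) use ($extraSources) {
        return example_merge_csp_sources((array) $domains, $extraSources);
    });
}
```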