{"id":8566,"date":"2010-06-07T09:14:02","date_gmt":"2010-06-07T09:14:02","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/mjp-security-plugin\/"},"modified":"2026-02-23T10:51:21","modified_gmt":"2026-02-23T10:51:21","slug":"mjp-security-plugin","status":"publish","type":"plugin","link":"https:\/\/tah.wordpress.org\/plugins\/mjp-security-plugin\/","author":255626,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.0.0","stable_tag":"2.0.0","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"MJP Security Tools","header_author":"ElbertF, zackdesign, MJP","header_description":"","assets_banners_color":"","last_updated":"2026-02-23 10:51:21","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/zackdesign.biz\/","header_plugin_uri":"https:\/\/zackdesign.biz\/","header_author_uri":"https:\/\/zackdesign.biz","rating":0,"author_block_rating":0,"active_installs":10,"downloads":2862,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0":{"tag":"1.0","author":"zackdesign","date":"2011-04-12 23:53:02"},"1.1":{"tag":"1.1","author":"zackdesign","date":"2012-05-07 04:48:42"},"1.2.0":{"tag":"1.2.0","author":"zackdesign","date":"2026-02-23 09:32:40"},"1.2.1":{"tag":"1.2.1","author":"zackdesign","date":"2026-02-23 10:07:01"},"2.0.0":{"tag":"2.0.0","author":"zackdesign","date":"2026-02-23 10:51:21"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":0},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.1","1.2.0","1.2.1","2.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[8533,602,895,600,14958],"plugin_category":[38,42,54],"plugin_contributors":[84100,81812],"plugin_business_model":[],"class_list":["post-8566","plugin","type-plugin","status-publish","hentry","plugin_tags-audit","plugin_tags-login","plugin_tags-permissions","plugin_tags-security","plugin_tags-xss","plugin_category-authentication","plugin_category-contact-forms","plugin_category-security-and-spam-protection","plugin_contributors-elbertf","plugin_contributors-zackdesign","plugin_committers-zackdesign"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/mjp-security-plugin.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>MJP Security Tools is a focused hardening plugin that does four things well:<\/p>\n\n<ul>\n<li><strong>XSS Database Scanner<\/strong> \u2014 scans every table for <code>&lt;script&gt;<\/code>, <code>&lt;iframe&gt;<\/code>, <code>onclick<\/code>, <code>javascript:<\/code> and other injection patterns<\/li>\n<li><strong>POST Request Log<\/strong> \u2014 records all POST data (passwords masked) with IP, user agent, and URL for CSRF\/audit detection<\/li>\n<li><strong>Failed Login Log<\/strong> \u2014 tracks every failed login attempt with username, IP, and timestamp<\/li>\n<li><strong>File Permission Checker<\/strong> \u2014 verifies WordPress root files and directories have safe permissions, checks for missing <code>index.html<\/code> files and SVN working copies<\/li>\n<\/ul>\n\n<p><strong>What this plugin does NOT do<\/strong> (because WordPress core already handles it):<\/p>\n\n<ul>\n<li>SSL enforcement \u2014 use <code>FORCE_SSL_ADMIN<\/code> or let WordPress 5.7+ auto-redirect<\/li>\n<li>Password strength \u2014 WordPress core enforces strong passwords since 4.3<\/li>\n<li>Login rate limiting \u2014 use a dedicated plugin like Limit Login Attempts Reloaded<\/li>\n<li>Version number hiding \u2014 marginal benefit, not worth the complexity<\/li>\n<\/ul>\n\n<p><strong>Upgrading from v1.x:<\/strong><\/p>\n\n<ul>\n<li>The admin page has moved from jQuery UI tabs to native WordPress nav tabs<\/li>\n<li>SSL forcing, password enforcement, login throttling, version hiding, admin username changing, database prefix randomization, password reset, and .htaccess generation have been removed \u2014 WordPress core and dedicated security plugins handle these better<\/li>\n<li>PHP sessions replaced with WP transients for flash messages<\/li>\n<li>Log data is now stored as JSON instead of serialized PHP<\/li>\n<li>The Javacrypt client-side crypt(3) script has been removed<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>mjp-security-plugin<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate through the Plugins menu<\/li>\n<li>Go to Tools &gt; MJP Security Tools<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"what%20happened%20to%20all%20the%20other%20features%3F\"><h3>What happened to all the other features?<\/h3><\/dt>\n<dd><p>WordPress 6.x handles SSL, password strength, and many security basics natively. Rather than duplicating core functionality, v2.0.0 focuses on the four features that WordPress does NOT provide out of the box: XSS scanning, POST logging, failed login logging, and file permission checking.<\/p><\/dd>\n<dt id=\"is%20this%20a%20replacement%20for%20wordfence%2Fithemes%3F\"><h3>Is this a replacement for Wordfence\/iThemes?<\/h3><\/dt>\n<dd><p>No \u2014 those are comprehensive security suites. MJP Security Tools is a lightweight auditing companion that provides specific database scanning and logging features.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>Rewrite: focused on 4 core features \u2014 XSS scanner, POST log, failed login log, file permissions<\/li>\n<li>Removed: SSL forcing, password enforcement, login throttling, version hiding (handled by WP core)<\/li>\n<li>Removed: Admin username changer, DB prefix randomizer, password reset all users, .htaccess generator<\/li>\n<li>Removed: jQuery UI 1.8.10 dependency and Javacrypt crypt(3) JavaScript (~500 lines)<\/li>\n<li>Removed: PHP sessions \u2014 uses WP transients for flash messages<\/li>\n<li>New: Native WordPress nav-tab interface (no jQuery UI)<\/li>\n<li>New: Dedicated CSS\/JS assets instead of inline styles and CDN links<\/li>\n<li>New: Clear log buttons for POST and failed login logs<\/li>\n<li>New: Log data stored as JSON instead of serialized PHP<\/li>\n<li>New: File permission scan limited to 2 levels deep (prevents timeout on large installs)<\/li>\n<li>Fixed: HTML parse error in admin template (missing <code>&gt;<\/code> on div tag)<\/li>\n<li>Fixed: Admin page uses dedicated slug instead of <code>__FILE__<\/code><\/li>\n<li>Changed: Requires WordPress 6.0+<\/li>\n<\/ul>\n\n<h4>1.2.1<\/h4>\n\n<ul>\n<li>Fixed PHP 8.1 deprecation: get_option() returning false passed to substr()<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>PHP 8.x compatibility fixes<\/li>\n<li>Replaced deprecated functions and constants<\/li>\n<li>Tested with WP 6.9.1<\/li>\n<\/ul>\n\n<h4>1.1<\/h4>\n\n<ul>\n<li>Tested in WP 3.3.2<\/li>\n<\/ul>\n\n<h4>1.0<\/h4>\n\n<ul>\n<li>First Release<\/li>\n<\/ul>","raw_excerpt":"Lightweight WordPress hardening \u2014 XSS database scanner, POST request logging, failed login logging, and file permission checker.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/8566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=8566"}],"author":[{"embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/zackdesign"}],"wp:attachment":[{"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=8566"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=8566"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=8566"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=8566"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=8566"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=8566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}