WPMUDEV WordPress Security Plugin (Feature Request)


I am looking into the possibility of providing https in the future.

If marketpress adoption is to continue to grow, would it benefit of wpmudev users if they could run their site more securely?

Especially, if you are taking credit card details.

I have read the previous threads but I am looking for interest in a wpmudev security plugin to be created.

Any +1s?


  • xInd
    • Site Builder, Child of Zeus

    Yes, it has come up before I remember talking about this.

    We definitely need it…. It should also include quick easy securing of basic things like changing default urls and filenames. That would also help to block out spam too, because most of the spammers use scrapers that search for inurl:wp-signup.php and so on.

    Personally, I hate providing client dashboards where they login at wp-admin… with all the custom branding stuff we have in here that should be key… I mean you can brand it all you want, but as soon as you’re at wp-admin you know exactly what it is. Not that I want to hide wordpress altogether, but if wordpress is going to be used for corporate sites it really needs to look corporate al around.

  • paperweight
    • The Incredible Code Injector

    +1 for this. I need something simple, streamlined, and powerful enough to allow for full SLL protection on the entire install (both admin and front sections) and also the ability to allow caching plugins to still work (or maybe it’s own built-in caching plugin??)

  • Ian
    • The Incredible Code Injector

    +1 admin and public to use https.

    also have a way for plugin to convert all existing media links to https.

    currently switching to https, the post content doesn’t get updated so get warnings about non-secure content.

  • paperweight
    • The Incredible Code Injector

    Right, this is a very necessary and excellent idea. But the issue here is WordPress hardcodes the image links when a Post is published. So maybe a way to work this feature is an extra area where the plugin scans all embedded content (such as images, files, and even off-site src= links) and then presents the admin a list of all the domain names. For example, a list like:






    And then the admin can select all or some of those domains to Find/Replace http with https. The reason this is necessary is because some off-site src may not have SSL available, so any new https links to those resources will not show that content.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.