MJP Security Plugin -- WordPress 插件

MJP Security Tools is a focused hardening plugin that does four things well:

XSS Database Scanner — scans every table for <script>, <iframe>, onclick, javascript: and other injection patterns
POST Request Log — records all POST data (passwords masked) with IP, user agent, and URL for CSRF/audit detection
Failed Login Log — tracks every failed login attempt with username, IP, and timestamp
File Permission Checker — verifies WordPress root files and directories have safe permissions, checks for missing index.html files and SVN working copies

What this plugin does NOT do (because WordPress core already handles it):

Upgrading from v1.x:

The admin page has moved from jQuery UI tabs to native WordPress nav tabs
SSL forcing, password enforcement, login throttling, version hiding, admin username changing, database prefix randomization, password reset, and .htaccess generation have been removed — WordPress core and dedicated security plugins handle these better
PHP sessions replaced with WP transients for flash messages
Log data is now stored as JSON instead of serialized PHP
The Javacrypt client-side crypt(3) script has been removed

2.0.0

Rewrite: focused on 4 core features — XSS scanner, POST log, failed login log, file permissions
Removed: SSL forcing, password enforcement, login throttling, version hiding (handled by WP core)
Removed: Admin username changer, DB prefix randomizer, password reset all users, .htaccess generator
Removed: jQuery UI 1.8.10 dependency and Javacrypt crypt(3) JavaScript (~500 lines)
Removed: PHP sessions — uses WP transients for flash messages
New: Native WordPress nav-tab interface (no jQuery UI)
New: Dedicated CSS/JS assets instead of inline styles and CDN links
New: Clear log buttons for POST and failed login logs
New: Log data stored as JSON instead of serialized PHP
New: File permission scan limited to 2 levels deep (prevents timeout on large installs)
Fixed: HTML parse error in admin template (missing > on div tag)
Fixed: Admin page uses dedicated slug instead of __FILE__
Changed: Requires WordPress 6.0+

1.2.1

1.2.0

1.1

1.0

MJP Security Tools