, (*1)
WordPress Security Plugin Collection
, (*2)
This is WordPress plugin collection which adds security enhancements like audit logs and password hardening., (*3)
Reasons
This package was created to handle multiple projects with composer update
. We just include this collection into our composer.json
and stick to the guidelines about which plugins should be included here. WordPress evolves with time and some plugins will propably be pointless at some point, if that happens we will remove those unneccessary plugins., (*4)
Installation
$ composer require devgeniem/wp-security-collection
Guidelines
We only want to add minimal plugins which enhance small part of WordPress., (*5)
Password hardening
WordPress should require long passwords and store them with secure hashes., (*6)
Audit logs
WordPress should produce audit logs which we can use to analyse user actions., (*7)
Requirements
- >= PHP 7.0
- WordPress
- Use composer to update your site rather than using WordPress auto updates
Composer.json settings
For correct installation your project should define following installation paths in extra
section:, (*8)
extra: {
"installer-paths": {
"web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin"],
"web/app/plugins/{$name}/": ["type:wordpress-plugin"]
},
"dropin-paths": {
"web/app/": ["type:wordpress-dropin"]
}
}
We use bedrock styled names for wp-content
. Replace web/app
according for your project., (*9)
Maintainers
Onni Hakala, (*10)
Changelog
See the included CHANGELOG.md, (*11)
License
Respect the licenses of used libraries. This readme and composer are licensed under MIT, (*12)