- Author: Mindshare Labs, Inc.
- License: GPL v3
- Copyright: 2006-2017
- Link: https://mindsharelabs.com/downloads/mindshare-client-security/
Provides security updates and additional features for WordPress CMS websites.
Any of these options can be added to your theme or plugin:
Turn off Dashboard cleanup with:
remove_action('admin_menu', array('mcms_ui', 'clear_dashboard'));
remove_action('admin_head', array('mcms_ui', 'admin_head'));
Turn off Admin Bar tweaks with:
remove_action('admin_bar_menu', array('mcms_ui', 'admin_bar_menu'));
Set Mindshare defaults in WordPress (only needs to run once, then can be removed):
// set defaults
add_action('admin_init', array('mcms_settings', 'defaults'));
// set rewrite rules to /%category%/%postname%/
add_action('admin_init', array('mcms_settings', 'rewrite'));
Create a crossdomain.xml file (for Flash). Technically, this is deprecated but still works if you need it. Create the file like so:
mcms_files::crossdomain();
To avoid PHP errors if you deactivate the Mindshare Security plugin wrap any of the above examples with a test to make sure it is active:
if(is_plugin_active('mindshare-client-security.git/mcms-admin.php')) {
// your code
}
This feature initializes WordPress with some default settings. It is meant to save a little time when setting up new WordPress installs ONLY.
- sets the name/tagline
- turns off organization of uploads into year and month
- disables commenting by default
- disables show_avatars by default
- deletes Hello Dolly, readme.html, license.txt
- set site admin email to [email protected]
- set RSS feeds to summary mode
- sets time / date settings
- sets avatar_rating to PG
- clears default_pingback_flag
- sets default_ping_status to closed
- disabled comment emails
- enables comment_moderation
- enables comment_registration
- enables comment_whitelist
- disables trackbacks
- enables HTML tag cleanup
- disbales use_smilies
- changes default_post_edit_rows to 15
- sets frontpage to static page
- sets permalinks to "/%category%/%postname%/"
- Updated .htaccess rules for SSL
- Added .htaccess rule to block .git files and folders
- Cleanup some deprecated fns
- Update email address settings
- Update BRI IP
- Remove wp-* catch all rule from robots.txt to allow Googlebot to index CSS/JS
- Bugfix for WP_User_Query
- Bugfix for automatic updates
- Speed improvements
- Remove Options framework, replaced with simple flag for loading defaults
- Removed admin page, no longer needed.
- Added check for nginx to disable Apache specific stuff on nginx
- Auto-activate ACF
- Made blacklist auto updates OFF by default (it was too long for many shared hosts POST limits)
Renamed plugin, change Access-Control-Allow-Origin in default htaccess, added custom post types to the "Right Now" box on the Dashboard, added action to prevent new user notification to admins, added auto-updates for comment blacklist
Made GZIP enabled by default for Mindshare hosting accounts in .htaccess
WP3.8 reading settings fix
add composer.json file, WP3.8 auto update support
minor bugfix
minor bugfix, upgraded Options for WordPress
re-enable EDD
temp disable EDD
critical bugfix
switch to EDD, Options for WordPress, updates for WP 3.8, moved to Git, improved htaccess rules
minor changes, remove tri.be widget, made .htaccess defaults more conservative, code cleanup
updated externals
removed login page functions, menu sorting, migrated to Mindshare Theme API
updated externals
updated MSAD lib to 0.4.2
bugfixes for update mechanism
updated externals (MSAD lib)
updated externals
updated externals, bugfixes, removed MS branding, updated settings
updated externals
updated externals, fixed login screen
updated externals
updated externals
minor change to user admin, fixed menu sorting
made this sucka respectable
removed blc more link
removed permissions check
bugfix for ACF
disable admin email override entirely due to form plugin issues (formidable, cf7)
disabled manageWP API, minor updates
major reorganization & cleanup
added fix for contact-form-7 plugin
added auto update mechanism
added security service indicator and check
added GetSupport menu to wp_admin_bar
added support for manageWP API (sort of... doesn't seem to be working)
bugfix
compatibility for WP 3.3
re-enabled custom fields and trackbacks
revamped htaccess rules, cleaned up structure / general code overhaul, removed pre WP 2.6 compatibility
optimized display:none css calls
removed #footer div from admin
fixed 'Howdy'
bugfixes
added security updates and a few other fixes
changed screen options so that author is visible
fixed notice at footer
updates for WP 3.0, removed Hide Dashboard for wpmu compat
syntax error fixed that affects user who are not level10
fixed js error introduced in version 3.0.8
fixed htaccess for adding www, added wpmu support, made update notices monthly, support for admin menu editor, removed howdy, crossdomain.xml
added extra security measures + update notification by email + tons of great new stuff
fixed permission errors for SWCP & removed WP-DB Manager nag
removed stupid yst_db_widget-hide again!!
removed header-logo div, sorted long admin menus, added hide dashboard capability, removed wpgeo dash widget
removed pressthis from tools, removed yoast widget, added screen options, fixed admin menu indexes for unsets,
css fix for wp shopping cart
added support postMash
added support for WP Geo, removed custom fields and trackbacks by default
added more security features, added htaccess redirects for login and logout pages
fixed JS error for expand/collapse all links in pagemash
updated dashboard widget removal mechanism, modded for page mash plugin
mod for Page Lists Plus, removed update nag for non-editors, removed info@ for hiding menu items, remove WordPress from title
overhauled for WP 2.7
Updated to work with Ozh Admin Menu
Added sign out reminder