MJP Security Tools

MJP Security Tools is a focused hardening plugin that does four things well:

• XSS Database Scanner — scans every table for <script>, <iframe>, onclick, javascript: and other injection patterns
• POST Request Log — records all POST data (passwords masked) with IP, user agent, and URL for CSRF/audit detection
• Failed Login Log — tracks every failed login attempt with username, IP, and timestamp
• File Permission Checker — verifies WordPress root files and directories have safe permissions, checks for missing index.html files and SVN working copies

What this plugin does NOT do (because WordPress core already handles it):

• SSL enforcement — use FORCE_SSL_ADMIN or let WordPress 5.7+ auto-redirect
• Password strength — WordPress core enforces strong passwords since 4.3
• Login rate limiting — use a dedicated plugin like Limit Login Attempts Reloaded
• Version number hiding — marginal benefit, not worth the complexity

Upgrading from v1.x:

• The admin page has moved from jQuery UI tabs to native WordPress nav tabs
• SSL forcing, password enforcement, login throttling, version hiding, admin username changing, database prefix randomization, password reset, and .htaccess generation have been removed — WordPress core and dedicated security plugins handle these better
• PHP sessions replaced with WP transients for flash messages
• Log data is now stored as JSON instead of serialized PHP
• The Javacrypt client-side crypt(3) script has been removed