This is a composer metapackage which includes WordPress plugins for security.

1.0 2016-11-07 15:18 UTC

This package is auto-updated.

Last update: 2023-09-20 13:08:19 UTC



WordPress Security Plugin Collection

Latest Stable Version Total Downloads Latest Unstable Version License

This is WordPress plugin collection which adds security enhancements like audit logs and password hardening.


This package was created to handle multiple projects with composer update. We just include this collection into our composer.json and stick to the guidelines about which plugins should be included here. WordPress evolves with time and some plugins will propably be pointless at some point, if that happens we will remove those unneccessary plugins.


$ composer require devgeniem/wp-security-collection


We only want to add minimal plugins which enhance small part of WordPress.

Password hardening

WordPress should require long passwords and store them with secure hashes.

Audit logs

WordPress should produce audit logs which we can use to analyse user actions.


  • = PHP 7.0

  • WordPress
  • Use composer to update your site rather than using WordPress auto updates

Composer.json settings

For correct installation your project should define following installation paths in extra section:

extra: {
    "installer-paths": {
      "web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin"],
      "web/app/plugins/{$name}/": ["type:wordpress-plugin"]
    "dropin-paths": {
      "web/app/": ["type:wordpress-dropin"]

We use bedrock styled names for wp-content. Replace web/app according for your project.


Onni Hakala


See the included


Respect the licenses of used libraries. This readme and composer are licensed under MIT