kodansha / killer-pads
Killer Pads is a plugin like security pads for "prevention is better than cure". It activates the default configuration of security and operational efficiency to WordPress websites.
Installs: 140
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 9
Forks: 0
Open Issues: 1
Type:wordpress-plugin
Requires
- php: >=7.3
README
Killer Pads is a plugin like security pads for "prevention is better than cure". It activates the default configuration of security and operational efficiency to WordPress websites.
Features
Admin page customization
- Disable admin dashboard page
- Add favicon to admin pages (
favicon.ico
,favicon.png
orfavicon.svg
must be placed in your theme's root directory) - Disable post autosave
- Disable comments features by default
Remove REST routes
- Remove all routes except ones used by famous plugins and explicitly whitelisted
Security concerns
- Disable XML-RPC
Installation
This plugin is intended to be installed exclusively via Composer.
Configure your composer.json
like the following:
{ // ... snip ... "require": { // ... snip ... "kodansha/killer-pads": "^1.0.0", // ... snip ... }, // ... snip ... }
Configuration
REST routes
By default, only the following namespaces are allowed in whitelist:
api
preview
If you want to provide your own whitelist (e.g. wp/v2
), add the following to wp-config.php
:
define('KILLER_PADS_NAMESPACE_WHITELIST', ['wp/v2', 'preview']);
Warning Rest routes that start with
/wp/v2/users
are always blocked even when thewp/v2
namespace is whitelisted.
Remove Dashboard function configuration
When activating this plugin, admin home page is being redirected to /edit.php?post_type=post
.
If you want to change the path to be redirected, add the following to wp-config.php
:
define('KILLER_PADS_ADMIN_HOME_PAGE_PATH', "edit.php?post_type=page");
Enable comments
Comments features are completely disabled by default. If you want to use
comments and need to show comments menu in admin pages, add the following to
wp-config.php
:
define('KILLER_PADS_ENABLE_COMMENTS', true);