PHPackages helsingborg-stad/wpmu-security - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. helsingborg-stad/wpmu-security ActiveWordpress-muplugin[Security](/categories/security) helsingborg-stad/wpmu-security ============================== A WordPress MU Plugin for security enhancements 1.9.1(1mo ago)12.1k↓42.1%3[1 issues](https://github.com/helsingborg-stad/wpmu-security/issues)[6 PRs](https://github.com/helsingborg-stad/wpmu-security/pulls)MITPHPCI passing Since May 26Pushed 1mo agoCompare [ Source](https://github.com/helsingborg-stad/wpmu-security)[ Packagist](https://packagist.org/packages/helsingborg-stad/wpmu-security)[ RSS](/packages/helsingborg-stad-wpmu-security/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (15)Versions (61)Used By (0) 🔐 WordPress Security Hardening Plugin ===================================== [](#-wordpress-security-hardening-plugin) A lightweight WordPress plugin focused on modern security hardening best practices without unnecessary bloat. 🚀 Features ---------- [](#-features) - ✅ Generic login error messages (prevent user enumeration) - ✅ Generic password reset responses - ✅ HTTP Strict Transport Security (HSTS) - ✅ CORS configuration - ✅ Subresource Integrity (SRI) for scripts and styles - ✅ XML-RPC disabling - ✅ Comment sanitization (anti-XSS) - ✅ Content Security Policy (CSP) - ✅ **Custom port number support** (development environments, custom setups) - ✅ Api Rate Limiter ⚙️ Configuration ---------------- [](#️-configuration) This plugin is designed to be hassle free, however if you like to add domains that are not detected in the content security policy. Please use the following filter: ``` add_filter( 'WpSecurity/Csp', function ($domains) { if(!isset($domains['connect-src'])) { $domains['connect-src'] = []; } $domains['connect-src'][] = 'https://*.domain.com'; $domains['connect-src'][] = 'https://*.domain.net'; return $domains; } ); ``` 🔧 Custom Port Support --------------------- [](#-custom-port-support) The plugin fully supports WordPress installations running on custom ports (e.g., `localhost:8080` for development). All security features work correctly with custom ports: - ✅ CSP headers include port numbers in domain policies - ✅ CORS headers respect the full URL with port - ✅ SRI verification works with local assets on custom ports - ✅ All URL parsing and domain matching handles ports correctly No additional configuration is needed - the plugin automatically detects and handles custom ports from your WordPress site URL. For detailed information about custom port support, see [CUSTOM\_PORTS.md](CUSTOM_PORTS.md). ### Health Score 42 — FairBetter than 90% of packages Maintenance69 Regular maintenance activity Popularity24 Limited adoption so far Community13 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 57.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~7 days Recently: every ~27 days Total 44 Last Release 54d ago Major Versions 0.6.4 → 1.0.12025-05-27 ### Community Maintainers ![](https://www.gravatar.com/avatar/f46fe64973c3e89d15c745c0bf601c25983bafea81d30e64d4bf813a6f8c8c7c?d=identicon)[sebastianthulin](/maintainers/sebastianthulin) --- Top Contributors [![sebastianthulin](https://avatars.githubusercontent.com/u/797129?v=4)](https://github.com/sebastianthulin "sebastianthulin (12 commits)")[![Copilot](https://avatars.githubusercontent.com/in/1143301?v=4)](https://github.com/Copilot "Copilot (4 commits)")[![NiclasNorin](https://avatars.githubusercontent.com/u/103985736?v=4)](https://github.com/NiclasNorin "NiclasNorin (3 commits)")[![michaelclaesson](https://avatars.githubusercontent.com/u/18331514?v=4)](https://github.com/michaelclaesson "michaelclaesson (1 commits)")[![thorbrink](https://avatars.githubusercontent.com/u/1064724?v=4)](https://github.com/thorbrink "thorbrink (1 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/helsingborg-stad-wpmu-security/health.svg) ``` [![Health](https://phpackages.com/badges/helsingborg-stad-wpmu-security/health.svg)](https://phpackages.com/packages/helsingborg-stad-wpmu-security) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)