“I have more than 200 subscribers and would like to reset their passwords automatically to something better. “… https://wordpress.org/support/topic/change-passwords-2/

Add feature to enable email notification for vulnerabilities: Outdated plugins Known vulnerabilities in plugins  

Can Security Ninja whitelist User-Agent (https://betteruptime.com/faq)? Then it will not keep adding records into table wp_wf_sn_cf_vl.

Allow to change the login url and hide the default wp-login.php, /wp-admin, /admin etc.

1) Change Database Table Prefix 2) Hide Backend login with custom name 3) Change or update Salts key on wp config settings 4) Hide all reference string version or generator of plugin inside code

Ability to select multiple fix and bulk fix them automaticly

Choose to export and import only selected modules, eg. Firewall settings.

More details on amount of banned traffic to spot trends.

Manually block IPs. + Add one-click ban functionality on individual logged IPs. + Show latest logged visitors with more details. Suggested by Barry.

“Why I have to choose tab-by-tab to do Security Test > Core Test > Firewall turn on > Scheduler? Other plugins just simply add a wizard button and onboarding new users do action and it is professional.

To integrate into MainWP interface, similar to iThemes integration – https://mainwp.com/extension/ithemes-security/ Suggested by Raj Siva-Rajah

1) ability to block spam comments 2) ability to block spam user account creations Suggested by Shay

“Is there option to generate / download and/or email scan results as a pdf report?” Suggestion by Jason

“Can you please add a way of reverting any fixes that we apply (maybe somehow it takes a backup of the original files and if needed it coud just add them back again).” Suggested by Jay

Add 2FA – Two Factor Authentication functionality to the WP login form. By Jay.

“Hope Slack Notification support beside email notification that is not reliable sometimes (my clients maybe not install SMTP plugin for example). And better have a lock slack channel to prevent the clients mess it accidentally.” Suggest by Cuong

“Can we provide read only privileges for settings to roles other than Admin?” Suggestion by Clev.

Add option under whitelabel to hide the plugin instead of renaming.

“Chrome Browser version 80 will force any 3rd Javascript to embed to the site has set `SameSite=None` and `Secure`. I hope Security Ninja can notice my clients about it as well.” Suggestion by Cuong – https://secure.helpscout.net/conversation/1003665194/1073/

Check to see if server is running MariaDB in lieu of MySQL (i.e., don’t flag for being on MySQL 5.5 if MariaDB is at 10.4) From Courtney G.

Check if NGINX is used, and if so, offer NGINX conf and not Apache .htaccess solutions (even if those can’t be auto-fixed) From Courtney G.

Extra security measure – Add a feature where only people from a specific country is allowed to log in. The trick is to use another country than the one you live in. So if you live in the US, only allow users …

Require VPN to log in Continue Reading »

Find outdated jQuery libraries. “Detect plugin and theme has outdate jQuery library” – Suggestion from Cuong.

“I see this feature all security plugin and think it is reasonable to have it. I think it will be better if Security Ninja also has it.” Suggestion by Cuong

Suggestion by Jose

When doing a scan and files come up as modified, show how the file have been changed. “can you show a compare code side by side showing the original code + what code and where other code has been changed. Even can …

Show differences in files Continue Reading »

When possible, offer a way to automatically restore an infected file by clicking a button.

Add scheduled malware scans with reports by email. Suggested by Mulyadi.

Use the haveibeenpwned.com API to check the user emails and/or passwords have not been part of a breach. Note: This will require setting up an intermediary API endpoint, since not possible to hide the HIBP key in the plugin. ref: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/

Make it impossible to detect your website is running WordPress at all. By Jay.