Allow changing the login URL and hiding the default wp-login.php, /wp-admin, /admin, etc.
1) Change Database Table Prefix 2) Hide Backend login with custom name 3) Change or update Salts key on wp config settings 4) Hide all reference string version or generator of plugin inside code
Ability to select multiple fixes and bulk-fix them automatically.
Choose to export and import only selected modules, eg. Firewall settings.
More details on amount of banned traffic to spot trends.
Manually block IPs. + Add one-click ban functionality on individual logged IPs. + Show latest logged visitors with more details. Suggested by Barry.
“Why do I have to choose tab-by-tab to do Security Test > Core Test > Firewall turn on > Scheduler? Other plugins just simply add a wizard button and onboarding new users do action and it is professional.”
Integrate into the MainWP interface, similar to the iThemes integration – https://mainwp.com/extension/ithemes-security/ Suggested by Raj Siva-Rajah
The autofixer can turn on/off features, but does not allow a way to enable or disable again. Allow features such as theme and plugin editor to be enabled again once turned off. Idea by Xin
1) ability to block spam comments 2) ability to block spam user account creations Suggested by Shay
“Is there option to generate / download and/or email scan results as a pdf report?” Suggestion by Jason
“Can you please add a way of reverting any fixes that we apply (maybe somehow it takes a backup of the original files and if needed it could just add them back again).” Suggested by Jay
Add 2FA – Two Factor Authentication functionality to the WP login form. By Jay.
“Hope Slack Notification support beside email notification that is not reliable sometimes (my clients may not install an SMTP plugin, for example). And better have a locked Slack channel to prevent the clients from messing with it accidentally.” Suggested by Cuong
“Can we provide read only privileges for settings to roles other than Admin?” Suggestion by Clev.
Add option under whitelabel to hide the plugin instead of renaming.
Check to see if server is running MariaDB in lieu of MySQL (i.e., don’t flag for being on MySQL 5.5 if MariaDB is at 10.4) From Courtney G.
Check if NGINX is used, and if so, offer NGINX conf and not Apache .htaccess solutions (even if those can’t be auto-fixed) From Courtney G.
Find outdated jQuery libraries. “Detect plugin and theme has outdated jQuery library” – Suggestion from Cuong.
“I see this feature all security plugin and think it is reasonable to have it. I think it will be better if Security Ninja also has it.” Suggestion by Cuong
Suggestion by Jose
When possible, offer a way to automatically restore an infected file by clicking a button.
Add scheduled malware scans with reports by email. Suggested by Mulyadi.
Use the haveibeenpwned.com API to check that user emails and/or passwords have not been part of a breach. Note: This will require setting up an intermediary API endpoint, since it is not possible to hide the HIBP key in the plugin. Ref: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/
Make it impossible to detect your website is running WordPress at all. By Jay.