Make it impossible to detect your website is running WordPress at all. By Jay.
Ability to select multiple fixes and bulk-fix them automatically.
Choose to export and import only selected modules, e.g. Firewall settings.
Find outdated jQuery libraries. “Detect plugins and themes that have an outdated jQuery library” – Suggestion from Cuong.
When possible, offer a way to automatically restore an infected file by clicking a button.
Allow changing the login URL and hiding the default wp-login.php, /wp-admin, /admin, etc.
1) Change the database table prefix. 2) Hide the backend login with a custom name. 3) Change or update the salt keys in the wp-config settings. 4) Hide all version or generator reference strings of plugins inside the code.
Manually block IPs. + Add one-click ban functionality on individual logged IPs. + Show latest logged visitors with more details. Suggested by Barry.
Integrate into the MainWP interface, similar to the iThemes integration – https://mainwp.com/extension/ithemes-security/ Suggested by Raj Siva-Rajah.
1) Ability to block spam comments. 2) Ability to block spam user account creations. Suggested by Shay.
Add 2FA – Two Factor Authentication functionality to the WP login form. By Jay.
“Hope for Slack notification support besides email notification, which is not reliable sometimes (my clients may not install an SMTP plugin, for example). And better to have a locked Slack channel to prevent the clients from messing it up accidentally.” Suggested by Cuong.
Add an option under whitelabel to hide the plugin instead of renaming it.
Check if NGINX is used, and if so, offer NGINX conf and not Apache .htaccess solutions (even if those can’t be auto-fixed). From Courtney G.
“I see this feature in all security plugins and think it is reasonable to have it. I think it will be better if Security Ninja also has it.” Suggestion by Cuong.
Suggestion by Jose
Use the haveibeenpwned.com API to check that user emails and/or passwords have not been part of a breach. Note: This will require setting up an intermediary API endpoint, since it is not possible to hide the HIBP key in the plugin. Ref: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/
“I have more than 200 subscribers and would like to reset their passwords automatically to something better. …” https://wordpress.org/support/topic/change-passwords-2/
Add a feature to enable email notifications for vulnerabilities: outdated plugins, known vulnerabilities in plugins.
Can Security Ninja whitelist a User-Agent (https://betteruptime.com/faq)? Then it will not keep adding records to the table wp_wf_sn_cf_vl.
More details on the amount of banned traffic to spot trends.
“Why do I have to choose tab by tab to do Security Test > Core Test > Firewall turn on > Scheduler? Other plugins just simply add a wizard button, and onboarding new users take action, and it is professional.”
“Is there an option to generate / download and/or email scan results as a PDF report?” Suggestion by Jason.
“Can you please add a way of reverting any fixes that we apply (maybe somehow it takes a backup of the original files and if needed it could just add them back again).” Suggested by Jay.
“Can we provide read only privileges for settings to roles other than Admin?” Suggestion by Clev.
Check to see if the server is running MariaDB in lieu of MySQL (i.e., don’t flag for being on MySQL 5.5 if MariaDB is at 10.4). From Courtney G.
Add scheduled malware scans with reports by email. Suggested by Mulyadi.