The development of this version has cost 1,160 euros. The accumulated cost for this year is 8,040 euros. The accumulated cost since the first version is 8,040 euros, but the cost for you is only the license of 30€.
New version 2.3.x of the plugin MCP Content Manager Premium for WordPress and WooCommerce. This version introduces a complete security system with auditing, hardening, and login protection for your WordPress site.
Branch versions
2.3.0
Security Audit and Management
- New: Security audit with score 0-100 and grades from A+ to F (mcm/security-audit).
- New: Application of individual security measures by ID with risk level control (mcm/security-apply).
- New: Quick summary of security status without full audit (mcm/security-status).
- New: Security guide that serves as a complete hardening reference (mcm/security-guidelines).
- New: MCM_Security_Manager — central dispatcher with log of 23 measures, mu-plugin generator with markers [MCM-SEC:id].
- New: MCM_Security_Auditor — read-only audit engine that checks the 23 measures, 2FA recommendation, debug mode verification, admin user check, SSL verification.
- New: Three risk levels: SAFE (apply directly), CAUTION (explain risks first), CRITICAL (requires backup confirmation).
- New: Scoring system: 100 points distributed across 20 scored measures, with exclusions for high-risk measures.
- New: Batch application of all SAFE measures with optional exclusions (mcm/security-apply-safe).
- New: Reversion of previously applied measures by ID (mcm/security-revert).
- New: Batch reversion of SAFE measures (mcm/security-revert-safe).
- New: Security flow instructions in the MCP server description.
File and Configuration Hardening
- New: MCM_Security_WPConfig — management of constants in wp-config.php (DISALLOW_FILE_EDIT, FORCE_SSL_ADMIN, DISALLOW_FILE_MODS) with secure writing protocol via MCM_File_Manager.
- New: MCM_Security_Htaccess — management of delimited blocks in .htaccess with markers # BEGIN/END MCM Security, Nginx detection with equivalent configuration output.
- New: 7 file-based security measures implemented: disabling file editing, protection of wp-config.php and .htaccess, disabling directory listing, blocking PHP execution in uploads, protecting sensitive files, forcing SSL in admin, disabling file modification.
- New: Additional indicators in the audit: detection of 2FA plugin, debug mode, SSL, admin user, database prefix, automatic updates.
- New: 2FA recommendation for the official WordPress Two-Factor plugin (https://wordpress.org/plugins/two-factor/).
- New: Hardening skill mapping in coding guidelines (context="hardening" → custom/site-security). Security context preserved for secure coding practices.
Login and Authentication Protection
- New: MCM_Security_Login — login and authentication manager: protection against brute force, session timeout due to inactivity, weak password auditing, XML-RPC protection (3 modes), custom login URL, forced logout.
- New: Progressive brute force blocking via mu-plugin: 5 failures → 15 min, 10 → 1 hour, 20 → 24 hours. IP hashed with SHA-256.
- New: Session timeout due to inactivity with configurable times by role (default: 30 min admin, 60 min editor).
- New: Client-side inactivity detection script (idle-logout.js) with overlay visual alert and "Keep Session" button.
- New: Weak password auditing that checks administrators/editors/authors against the 50 most common passwords.
- New: XML-RPC protection with 3 modes: selective (blocks dangerous methods, preserves safe), full_block (.htaccess deny), completely_disable (hook + .htaccess).
- New: Custom login URL with emergency recovery via transient or file mcm-emergency-login.txt.
- New: Emergency access to login — temporarily restores /wp-login.php when a custom URL is active (mcm/security-emergency-login).
- New: Forced logout of all users or by role — preserves MCP OAuth connection (mcm/security-force-logout).
HTTP Headers and Permissions
- New: MCM_Security_Headers — security HTTP headers manager with basic/full modes and header configuration.
- New: MCM_Security_Permissions — checker and fixer of file permissions for WordPress core paths.
- New: Security HTTP headers via mu-plugin send_headers hook: X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy. The full mode adds HSTS (with irreversibility warning) and CSP (Report-Only by default).
- New: File permissions audit: checks wp-config.php (440), directories (755), and key files (644). The fix mode applies recommended permissions.
CAUTION Measures Implemented
- New: 7 fully implemented CAUTION level measures: XML-RPC protection (3 modes), REST API protection, user enumeration prevention, forcing SSL in admin, security headers, custom login URL, file permissions correction.
- New: REST API protection blocks unauthenticated access to /wp/v2/users. Whitelist of endpoints: MCP (/mcp/*), WooCommerce (/wc/*), Jetpack and Site Health.
- New: User enumeration prevention: /?author=N → 404, author data removed from oEmbed, unified login error messages.
Database Security
- New: MCM_Security_Database — database prefix change manager with SQL transactions (START TRANSACTION / COMMIT / ROLLBACK).
- New: Database prefix change (database_prefix_change): renames WordPress tables, updates $table_prefix in wp-config.php, fixes usermeta keys (capabilities, user_level, etc.) and user_roles option.
- New: Pre-validation: checks that all core tables exist, detects prefix conflicts, validates prefix format.
- New: Partial failure recovery: if writing to wp-config.php fails after renaming tables, returns recovery instructions with the new prefix.
Other News
- New: Changelog tool that returns the plugin change history via MCP, filterable by version or amount (mcm/changelog).
Fixes
- Fix: Progressive blocking now uses a separate lock transient with correct TTL per level (previously used a single 24h counter).
- Fix: Slim SEO og_title and og_description are now correctly mapped to facebook_title and facebook_description in the serialized array (compatibility improved from 3/6 to 5/6 fields).
SEO Compatibility
- Verified: Full SEO compatibility verified with 8 plugins — Yoast SEO, Rank Math, AIOSEO, The SEO Framework, SiteSEO, Slim SEO, Squirrly SEO, SureRank.
You can acquire the license for MCP Content Manager Premium on the product page.
