Security Issues

After connecting WordPress websites to your MainWP Dashboard, the MainWP plugin will scan your Child Sites for a couple of known security issues and alert you if there are detected issues.

Issues Searched by The MainWP Plugin

  • Directory listing prevention - MainWP Plugin will check if it's possible to list /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories. After fixing this issue, an empty index.php file will be inserted in each directory in order to prevent listing.
  • WordPress version detection - MainWP Plugin will check if it's possible to detect a version of the WordPress installation. After fixing this issue, the WordPress generator meta tag will be removed from the head sections of the Child Site.
  • Really Simple Discovery (RSD) meta tag detection - MainWP Plugin will check if it's possible to detect the RSD version. After fixing this issue, the RSD meta tag will be removed from the head sections of the Child Site.
  • Windows Live Writer meta tag detection - MainWP Plugin will check if it's possible to detect the WLW version. After fixing this issue, the WLW meta tag will be removed from the head sections of the Child Site.
  • Database Error reporting - MainWP Plugin will check if database error reporting is enabled on your Child Site. After fixing this issue, database error reporting will be disabled.
  • PHP Error reporting - MainWP Plugin will check if PHP error reporting is enabled on your Child Site. After fixing this issue, PHP error reporting will be disabled. 
  • readme.html detection - MainWP Plugin will check if the readme.html file exists in the WordPress root directory. After fixing this issue, the MainWP plugin will delete this file. Unifix action is not available after fixing this issue. To unfix it, the file needs to be returned manually.
  • "admin" check - MainWP Plugin will check if there is an Administrator user with the "admin" username. This issue is not possible to fix automatically. To fix it, you need to manually delete the user and create a new Administrator user with a different username.
If the WordPress Version, RSD (Really Simple Discovery) meta tag, and the Windows Live Writer meta tag issues are fixed (removed) by using some other plugin, MainWP Dashboard will detect issues as fixed, but you will not be able to use the Unfix function. The Unfix function can undo the fix only if MainWP Dashboard makes the fix.

Security Issues Widget

On the MainWP > Overview page, you will be able to find the Security Issues widget, which will alert you if the MainWP Plugin has detected any security issue on your Child Sites. Also, it will enable you to fix all detected issues quickly.

Security Scan

If you need more details about the detected issues, the Security Scan page in the Individual Child Site mode will provide you the ability to review all security issues and fix the ones that you want.
  1. Login in to your MainWP Dashboard
  2. Go to the MainWP > Sites > Manage Sites page
  3. Locate a Child Site where you want to fix detected Security Issues
  4. Under the actions menu
    1. Locate the Security Scan action
    2. Click it to access the Security Scan page for the Child Site.

Fixing Issues

  • To fix all issues, click the Fix All button under the list
  • To fix a single issue, click the Fix action in the corresponding row
  • To unfix a single issue, click the Unfix action in the corresponding row

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.