Security Issues

After connecting WordPress websites to your MainWP Dashboard, the MainWP plugin will scan your Child Sites for a couple of known security issues and alert you if there are detected issues.

Issues Searched by The MainWP Plugin

  • Directory listing prevention – MainWP Plugin will check if it’s possible to list /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories. After fixing this issue, an empty index.php file will be inserted in each directory in order to prevent listing.
  • WordPress version detection – MainWP Plugin will check if it’s possible to detect a version of the WordPress installation. After fixing this issue, WordPress generator meta tag will be removed from the head sections of the Child Site
  • Really Simple Discovery (RSD) meta tag detection – MainWP Plugin will check if it’s possible to detect RSD version. After fixing this issue, RSD meta tag will be removed from head sections of the Child Site.
  • Windows Live Writer meta tag detection – MainWP Plugin will check if it’s possible to detect WLW version. After fixing this issue, WLW meta tag will be removed from head sections of the Child Site.
  • Database Error reporting – MainWP Plugin will check if database error reporting is enabled on your Child Site. After fixing this issue, database error reporting will be disabled.
  • PHP Error reporting – MainWP Plugin will check if PHP error reporting is enabled on your Child Site. After fixing this issue, PHP error reporting will be disabled. 
  • Scripts and Stylesheets version information detection – MainWP will try to detect versions of Scripts and Stylesheets. After fixing this issue, versions will be removed.
  • Scripts and Stylesheets registered version information has not been removed from URLs – MainWP will try to detect versions of Scripts and Stylesheets file names. After fixing this issue, versions will be removed from the file names.
  • readme.html detection – MainWP Plugin will check if the readme.html file exists in the WordPress root directory. After fixing this issue, MainWP plugin will delete this file. Unifix action is not available after fixing this issue. To unfix it, the file needs to be returned manually.
  • “admin” check – MainWP Plugin will check if there is an Administrator user with the “admin” username. This issue is not possible to fix automatically. To fix it, you need to manually delete the user and create a new Administrator user with a different username.
If the WordPress Version, RSD (Really Simple Discovery) meta tag, and the Windows Live Writer meta tag issues are fixed (removed) by using some other plugin, MainWP Dashboard will detect issues as fixed, but you will not be able to use the Unfix function. The Unfix function is able to undo the fix only if the fix is made by MainWP Dashboard.

Security Issues Widget

On the MainWP > Overview page, you will be able to find the Security Issues widget which will alert you if the MainWP Plugin has detected any security issue on your Child Sites.

Also, it will enable you to quickly Fix all detected issues.

Security Scan

If you need more details about the detected issues, the Security Scan page in the Individual Child Site mode will provide you ability to review all security issues and fix ones that you want.

  1. Login into your MainWP Dashboard
  2. Go to the MainWP > Sites > Manage page
  3. Locate a Child Site where you want to fix detected Security Issues
  4. Under the URL column of the Manage Sites table
    1. Locate the Security Scan action
    2. Click it to access the Security Scan page for the Child Site

Security Issues

Fixing Issues

  • To fix all issues, click the Fix All button under the list
  • To fix a single issue, click the Fix action in the corresponding row
  • To unfix a single issue, click the Unfix action in the corresponding row