توضیحات
WP Master ToolKit is your all-in-one solution for optimizing WordPress. It streamlines your dashboard, enhances workflows, and simplifies content and settings management. Customize your WordPress installation effortlessly with all the tools you need at your fingertips.
Presentation of the extension by Alexis Fichou (WP-Origami) 🇫🇷:
86 Free features
- Adminer: A full-featured database management tool.
- Allow Menu Custom Links to Open in New Tab: Enable custom menu links to open in a new tab with a checkbox. For security and SEO, links include the
rel="noopener noreferrer nofollow"
attribute. - Apple Touch Icon: Manage app icon (Apple Touch Icon) individually. Once activated, go to Settings / General for change your Apple Touch icon without impact your favicon.
- Auto Regenerate Salt Keys: WordPress salt keys or security keys are codes that help protect important information on your website.
- Auto-Publish Posts with Missed Schedule: Automatically initiate the publication of scheduled posts marked with "missed schedule" upon each visit to the website, across all post types.
- Ban Emails: Ban the chosen emails.
- Blacklisted Usernames: Prevent the creation of new user accounts with predifined blacklisted usernames. Blacklist usernames that are too common.
- Block User Registration from Disposable Email: Block user registration from disposable email addresses. Disposable email addresses are temporary email addresses that are used to register on websites that require email verification.
- Child theme generator: A simple tool to generate a child theme on your WordPress. You can disable it after generation.
- Clean Profiles: Tidy up user profiles by removing sections you do not utilise.
- Clean Up Admin Bar: Remove various elements from the admin bar.
- Code Snippets: Add custom code snippets without editing the theme’s functions.php. Ideal for CSS, JavaScript, and PHP. To disable all snippets, add to wp-config.php:
define('WPMASTERTOOLKIT_SNIPPETS_SAFE_MODE', true);
- Content Duplication: Enable one-click duplication of pages, posts and custom posts. The corresponding taxonomy terms and post meta will also be duplicated.
- Content Order: Enable custom ordering of various "hierarchical" content types or those supporting "page attributes". A new 'Order' sub-menu will appear for enabled content type(s).
- Custom Admin CSS: Add custom CSS on all admin pages for all user roles.
- Custom Body Class: Add custom <body> class(es) on the singular view of some or all public post types.
- Custom Frontend CSS: Add custom CSS on all frontend pages for all user roles.
- Disable All Updates: Completely disable core, theme and plugin updates and auto-updates. Will also disable update checks, notices and emails.
- Disable Block-Based Widgets Settings Screen: Disable block-based widgets settings screen. Restores the classic widgets settings screen when using a classic (non-block) theme. This has no effect on block themes.
- Disable Dashboard Widgets: Clean up and speed up the dashboard by completely disabling some or all widgets. Disabled widgets won't load any assets nor show up under Screen Options.
- Disable Feeds: Completely disable RSS, Atom, and RDF feeds for posts, categories, tags, comments, authors, and search. Removes all feed URL references from the
<head>
section. - Disable Gutenberg: Deactivate the Gutenberg block editor selectively, allowing you to control its usage for specific or all relevant post types.
- Disable REST API: Disable REST API access for non-authenticated users and remove URL traces from <head>, HTTP headers and WP RSD endpoint.
- Disable Really Simple Discovery (RSD) <link> tag: Disable Dashicons CSS and JS on the front-end for public visitors. Note: This may affect custom forms relying on Dashicons. Check custom login forms and layouts after disabling.
- Disable WP Sitemap: Disable the default WordPress sitemap feature, which was introduced in WordPress 5.5.
- Disable Windows Live Writer (WLW) manifest <link> tag: Disable the Windows Live Writer (WLW) manifest <link> tag in <head>. The WLW app was discontinued in 2017.
- Disable WordPress shortlink <link> tag: Disable the WordPress shortlink
<link>
tag in<head>
. Replace with a shortlink plugin for custom names and click tracking. - Disable XML-RPC: Enhance security with advanced XML-RPC protection against brute force, DoS, and DDoS attacks. Trackbacks and pingbacks are also disabled to strengthen defenses.
- Disable cart fragments scripts: Disable cart fragments scripts on the front-end for public site visitors. This might break the functionality of the cart and checkout pages if they depend on cart fragments.
- Disable dashicons CSS and JS files: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
- Disable emoji support: Disable emoji support on the admin and frontend for pages, posts, and custom post types. Modern browsers now natively support emojis, making this feature unnecessary.
- Disable jQuery Migrate: Removes the jQuery Migrate script from the frontend of your site.
- Disable wp_mail: Disable the wp_mail function, which is used by WordPress to send emails. This feature is useful for websites that do not send emails, as it prevents the wp_mail function from loading and consuming resources.
- Disallow Bad Requests: Protect your site against a wide range of threats. check all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
- Disallow Dir Listing: Disable the listing of the directories.
- Disallow Malicious File Access in upload: Protect your website from malicious file access in the upload directory.
- Disallow Plugin Upload: Disable zip file uploads for plugins, which are used to install plugins on your website.
- Disallow Theme Upload: Disable zip file uploads for themes, which are used to install themes on your website.
- Disallow WP File Edit: Prevent the modification of your website's core files through the WordPress admin panel.
- Disallow register user: Prevent the creation of new user accounts on your website with the native WordPress registration form.
- Duplicate Menu: Easily duplicate your WordPress Menus
- Enhance List Tables: Improve the usefulness of listing pages for various post types and taxonomies, media, comments and users by adding / removing columns and elements.
- Export Posts & Pages: Download your posts and pages to a .csv format.
- Export Users: Download your user data to a .csv format.
- External Permalinks: Enable pages, posts and/or custom post types to have permalinks that point to external URLs. The rel="noopener noreferrer nofollow" attribute will also be added for enhanced security and SEO benefits.
- File Manager: Browser and manage your files efficiently and easily.
- Force Strong Password: Enforce the use of strong passwords for all users on your website. This feature is especially useful for websites with multiple users, as it ensures that all users have a strong password that is difficult to guess or crack.
- Heartbeat Control: Modify the interval of the WordPress heartbeat API or disable it on admin pages, post creation/edit screens and/or the frontend. This will help reduce CPU load on the server.
- Hide Admin Bar: Hide the admin bar on the front end of your website for either specific user roles or all users.
- Hide Admin Notices: Improve user experience on admin pages by gathering all notifications in a popup (opened by clicking on the bell at the top right).
- Hide Login Errors: Hide the default WordPress login errors that appear when an incorrect username or password is entered.
- Hide PHP Versions: Some servers send a header called X-Powered-By that contains the PHP version used on your site. It may be a useful information for attackers, and should be removed.
- Hide WordPress Version: Hide the WordPress version from the source code.
- Image Upload Control: Resize newly uploaded, large images to a smaller dimension and delete originally uploaded files. BMPs and non-transparent PNGs will be converted to JPGs and resized.
- Insert <head>, <body> and <footer> Code: Easily insert <meta>, <link>, <script> and <style> tags, Google Analytics, Tag Manager, AdSense, Ads Conversion and Optimize code, Facebook, TikTok and Twitter pixels, etc.
- Last Login Column: Track and record the most recent login activity of site users, then showcase the date and time in the users list table
- Limit Login Attempts: Prevent brute force attacks by limiting the number of failed login attempts allowed per IP address.
- Local avatars: Replaces GRAVATAR management with media management.
- Lock Admin Email: Prevent the modification of the admin email address on your website.
- Lock Site URL: Prevent the modification of the site URL on your website.
- Log In/Out Menu: Enable log in, log out and dynamic log in/out menu item for addition to any menu.
- Maintenance Mode: Show a customizable maintenance page on the frontend while performing a brief maintenance to your site. Logged-in administrators can still view the site as usual.
- Manage ads.txt and app-ads.txt: Easily edit and validate your ads.txt and app-ads.txt content.
- Manage robots.txt: Easily edit and validate your robots.txt content.
- Media Cleaner: Automatically sanitize uploaded file names by removing special characters, and streamline media management by auto-generating key metadata fields (title, caption, alt text, and description) directly from the cleaned file name.
- Media Encoder: Automatically converts images to WebP when they are uploaded to the media library.
- Meta Debugger: Display all metadata for a post, user, term, or comment.
- Move Login URL: Change the default login URL to a custom URL of your choice.
- Multiple User Roles: Enable assignment of multiple roles during user account creation and editing. This maybe useful for working with roles not defined in WordPress core, e.g. from e-commerce or LMS plugins.
- Nav Menu Visibility: Control your nav menu by allowing you to apply visibility controls to menu.
- Obfuscate Author Slugs: Obfuscate author page URLs to hide user slugs (e.g.,
sitename.com/author/username1/
becomessitename.com/author/a6r5b8ytu9gp34bv/
) and return 404 errors for original URLs. Also obfuscates user data in the/wp-json/wp/v2/users/
REST API endpoint. - Obfuscate Email Addresses: Obfuscate email address to prevent spam bots from harvesting them, but make it readable like a regular email address for human visitors, using shortcode [wpm_obfuscate email="example@email.com" display="newline"]
- Open All External Links in New Tab: Ensure all external links in post content open in a new tab with
target="_blank"
and includerel="noopener noreferrer nofollow"
for security and SEO benefits. - Password Protection: Password-protect the entire site to hide the content from public view and search engine bots / crawlers. Logged-in administrators can still access the site as usual.
- Plugin & Theme Rollback: Revert to previous versions of any theme or plugin from WordPress.org.
- Post Per Page: Specifying the number of posts to display per page, for each post type.
- Prevent User Enumeration: Prevent user enumeration via ?author=X and REST API /users/ endpoints.
- Protect Website Headers: Add security headers quickly to your site to protect it from threats such as phishing attacks, data theft and more.
- Quick Add Post: A new button to quickly add new posts to speed up your workflow.
- Redirect 404 to Homepage: Sends visitors to your homepage if they try to access a page that doesn't exist, ensuring they stay on your site.
- Redirect After Login: Set custom redirect URL for all or some user roles after login.
- Redirect After Logout: Set custom redirect URL for all or some user roles after logout.
- Revisions Control: Avoid overloading the database by setting a cap on the number of revisions to save for certain or all types of posts that support revisions.
- SMTP Mailer: Set custom sender name and email. Optionally use external SMTP service to ensure notification and transactional emails from your site are being delivered to inboxes.
- SVG Upload: Enhance media library functionality to support the seamless uploading of SVG files.
- Wider Admin Menu: Give the admin menu more room to better accommodate wider items.
16 Pro features
- 410 Manager: Managing HTTP 410 statuses on your site. The 410 status indicates that the requested resource has been permanently deleted and that this deletion is intentional and final.
- Add Essentials Shortcodes: Insert dynamic variables into your titles and content via shortcodes.
- Auto clean actionscheduler_actions: Clean actionscheduler_actions database table from actions that have been completed | failed | cancelled.
- CRON Manager: Manage cron events on your website.
- Change Database Prefix: Quickly change your WordPress database prefix to save time and enhance security.
- Disable Comments: Manage the visibility of comments on your public posts by selectively disabling them for specific post types or across all posts. Once comments are disabled, any existing comments will seamlessly disappear from the front-end.
- Disallow Access WP Sensible Files: Delete the wp-config-sample.php, block access to readme.html, license.txt
- Disallow Countries IP: Include/Exclude countries IP
- Force Send All Email To: Force all emails sent from your website to be sent to a specific email address. This feature is useful for testing email functionality on your website, as it ensures that all emails are sent to a single email address.
- Hook And Filter Debugger: Displaying the sequence of action and filter hooks by their origin on a single page.
- Manage Admin Emails Notifications: Disable admin emails notifications.
- Paste Image In Media: With this feature you can paste directly your picture in WordPress media.
- Plugin Download: Download plugins from the plugins page in the WordPress admin panel.
- Two Factor Authentication: Add an extra layer of security to your website by enabling two-factor authentication for all users.
- Updates Logs: Track and record the most recent login activity of site users, then showcase the date and time in the users list table
- User Switching: Instant switching between user accounts.
⭐️ UPGRADE TO PRO VERSION: WPMasterToolKit Pro ⭐️
Other plugin by Webdeclic
Webdeclic is a French web agency based in Paris. We are specialized in the creation of websites and e-commerce sites. We are also the creator of the following plugins:
* QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly
* Cookie Dough Compliance and Consent for GDPR
* Univeral Honey Pot
* Clean My WP
* Mentions Legales Par Webdeclic
* Lexilink
* Show all plugins on WordPress.org
Support us
⭐️ If you like this plugin, please give us a 5 star rating on WordPress.org. This will motivate us to develop new features and write other plugins. ⭐️
☕️ If you want buy me a coffee, you can do it here : Buy me a coffee ☕️
عکسهای صفحه
نصب
- Upload the plugin files to the
/wp-content/plugins/wp-mastertoolkit
directory, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the ‘Plugins’ screen in WordPress
- Use the WPMasterToolKit screen to configure the plugin
سوالات متداول
-
What is WPMasterToolKit?
-
WPMasterToolKit is a comprehensive plugin that provides a wide range of features designed to improve your WordPress. It includes tools to improve media management, user interface, site security and much more.
-
Will WPMasterToolKit slow down my website?
-
No, WPMasterToolKit is designed to be lightweight and efficient. This should not negatively impact your website performance.
-
Can WPMasterToolKit help with SEO?
-
Although WPMasterToolKit is not primarily an SEO plugin, it does include features that can help your site’s SEO, such as the ability to open external links in a new tab with the appropriate “rel” attributes.
-
How often is WPMasterToolKit updated?
-
We regularly update WPMasterToolKit to introduce new features, fix bugs and ensure compatibility with the latest versions of WordPress.
-
How can I contribute to WPMasterToolKit?
-
Contributions are welcome! You can contribute by reporting bugs, suggesting features, translating the plugin, or submitting code fixes.
-
Is WPMasterToolKit similar to ASE ?
-
Yes, WPMasterToolKit is similar to Admin and Site Enhancements (ASE), WP Extended and other all in one plugin.
-
How can I report security bugs?
-
You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.
نقد و بررسیها
توسعه دهندگان و همکاران
“WPMasterToolKit (WPMTK) – All in one plugin” نرم افزار متن باز است. افراد زیر در این افزونه مشارکت کردهاند.
مشارکت کنندگانترجمه “WPMasterToolKit (WPMTK) – All in one plugin” به زبان شما.
علاقه مند به توسعه هستید؟
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
گزارش تغییرات
2.0.0
- Added license system to switch to PRO version.
- Added links to the documentation of each module under their description.
- Add documentation in code on hooks and filters.
- Fix: Module “Move Login URL”: Problem with TranslatePress if the option “Use a subdirectory for the default language” is enabled on the TranslatePress settings.
- Fix: Module Local avatars: New CSS compatible with WP 6.7+.
- Fix: Module Apple Touch Icon: New CSS + JS compatible with WP 6.7+.
- Fix: Module Clean Up Admin Bar: Remove Howdy doesn’t work.
- Update: Module: Hide Admin Notices: Complete redesign of the interface, removal of the dedicated submenu and addition of a modal to store notifications in the admin bar.
- Update: Module maintenance mode: Add a countdown (PRO Only).
1.15.0
- Add Module: Prevent User Enumeration: Prevent user enumeration via ?author=X and REST API /users/ endpoints.
1.14.0
- Add Module: Media Cleaner: Automatically sanitize uploaded file names by removing special characters, and streamline media management by auto-generating key metadata fields (title, caption, alt text, and description) directly from the cleaned file name.
- Security update (reported by Patchstack, thanks @darius_fx): Arbitrary File Upload vulnerability and Arbitrary File Download vulnerability in Child Theme Generator module.
1.13.1
- FIX: WP 6.7 compatibility with translations, move translatable strings in hook after init.
1.13.0
- FIX: WP 6.7 compatibility with translations
- Add Module: Media Encoder: Automatically converts images to WebP when they are uploaded to the media library.
1.12.5
- FIX: Auto Regenerate Salt Keys: Problem on some installations
1.12.4
- FIX: Problem with ‘Header set Content-Security-Policy “upgrade-insecure-requests;”‘
1.12.3
- FIX: Problem with stats modal consent if you click on the bottom button for save.
1.12.2
- FIX: Problem with constant replacement in wp-config.php, better method.
1.12.1
- FIX: Problem with constant replacement in wp-config.php.
1.12.0
- Update Module: Limit Login Attempts: Add option to delete blocked IP.
- Update Module: Maintenance Mode: Add admin bar switcher and switch in the settings page.
- Update Module: Protect Website Headers: Add more information about the headers.
- UX improvement: Add a new filter in settings page for show only active modules
- Add config sharing feature
- Add modal for consent to collect data
- Fix: Local avatars: php warning
1.11.0
- Add Module: Adminer
- Add Module: Apple Touch Icon
- Add Module: Local avatars
1.10.2
- Fixed: Problem with modules using textarea fields. Now, the textarea fields are correctly escaped with wp_unslash.
1.10.1
- Fixed: module child theme generator: Better method for zip creation
1.10.0
- Add Module: Disable jQuery Migrate
- Add Module: Multiple User Roles
- Add Module: Plugin & Theme Rollback
- Fixed: Bug on child theme generator on some servers.
- Update Module: File Manager: Edit files from default view and better UX.
1.9.0
- Add Module: Child theme generator
- Add Module: File Manager
- Add Module: Protect Website Headers
- Fixed: Prevent the form submit when the user press Enter in the search input (on settings).
- Update: Better results on search input (on settings) if you don’t use special characters.
1.8.1
- Fixed: Problem if Parsedown library doesn’t exist on the server.
1.8.0
- Update Module: SMTP mailer: Replace password input type.
- Change logo on admin page.
- Add version on header of admin page.
- What’s new modal in settings page.
1.7.0
- Add Module: Ban emails
- Add Module: SMTP mailer
- Update Module: Auto Regenerate Salt Keys: Better approach to regenerate salt keys.
1.6.0
- Add Module: Block User Registration from Disposable Email
1.5.1
- Fix: Meta Debugger module: Add support on edit_user_profile
1.5.0
- Add Module: Custom Frontend CSS
- Add Module: Disable All Updates
- Add Module: Disable REST API
- Add Module: Heartbeat Control
- Add Module: Image Upload Control
- Add Module: Insert , and
<
footer> Code
* Add Module: Limit Login Attempts
* Add Module: Manage ads.txt and app-ads.txt
* Add Module: Manage robots.txt
* Add Module: Obfuscate Author Slugs
* Add Module: Obfuscate Email Addresses
* Fix: Increase the prioarity for the filter in hide admin bar module
* Fix: Problem with “Disallow bad requests” module
1.4.0
- Add Module: Clean Up Admin Bar
- Add Module: Content Duplication
- Add Module: Content Order
- Add Module: Custom Admin CSS
- Add Module: Enhance List Tables
- Add Module: External Permalinks
- Add Module: Log In/Out Menu
- Add Module: Meta Debugger
- Add Module: Post Per Page
- Fix: Problem with import / export settings feature
1.3.0
- Add Module: Auto Regenerate Salt Keys: WordPress salt keys or security keys are codes that help protect important information on your website.
- Add Module: Auto-Publish Posts with Missed Schedule: Automatically initiate the publication of scheduled posts marked with “missed schedule” upon each visit to the website, across all post types.
- Add Module: Clean Profiles: Tidy up user profiles by removing sections you do not utilise.
- Add Module: Custom Body Class: Add custom class(es) on the singular view of some or all public post types.
- Add Module: Disable Block-Based Widgets Settings Screen: Disable block-based widgets settings screen. Restores the classic widgets settings screen when using a classic (non-block) theme. This has no effect on block themes.
- Add Module: Disable Dashboard Widgets: Clean up and speed up the dashboard by completely disabling some or all widgets. Disabled widgets won’t load any assets nor show up under Screen Options.
- Add Module: Disable Really Simple Discovery (RSD) tag: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
- Add Module: Disable Windows Live Writer (WLW) manifest tag: Disable the Windows Live Writer (WLW) manifest tag in . The WLW app was discontinued in 2017.
- Add Module: Disable WordPress shortlink tag: Disable the default WordPress shortlink tag in . Ignored by search engines and has minimal practical use case. Usually, a dedicated shortlink plugin or service is preferred that allows for nice names in the short links and tracking of clicks when sharing the link on social media.
- Add Module: Disable cart fragments scripts: Disable cart fragments scripts on the front-end for public site visitors. This might break the functionality of the cart and checkout pages if they depend on cart fragments.
- Add Module: Disable dashicons CSS and JS files: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
- Add Module: Disable emoji support: Disable emoji support for pages, posts and custom post types on the admin and frontend. The support is primarily useful for older browsers that do not have native support for it. Most modern browsers across different OSes and devices now have native support for it.
- Add Module: Disallow Bad Requests: Protect your site against a wide range of threats. check all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
- Add Module: Disallow Dir Listing: Disable the listing of the directories.
- Add Module: Disallow Malicious File Access in upload: Protect your website from malicious file access in the upload directory.
- Add Module: Duplicate Menu: Easily duplicate your WordPress Menus
- Add Module: Export Posts & Pages: Download your posts and pages to a .csv format.
- Add Module: Export Users: Download your user data to a .csv format.
- Add Module: Hide PHP Versions: Some servers send a header called X-Powered-By that contains the PHP version used on your site. It may be a useful information for attackers, and should be removed.
- Add Module: Maintenance Mode: Show a customizable maintenance page on the frontend while performing a brief maintenance to your site. Logged-in administrators can still view the site as usual.
- Add Module: Nav Menu Visibility: Control your nav menu by allowing you to apply visibility controls to menu.
- Add Module: Password Protection: Password-protect the entire site to hide the content from public view and search engine bots / crawlers. Logged-in administrators can still access the site as usual.
- Add Module: Quick Add Post: A new button to quickly add new posts to speed up your workflow.
- Add Module: Redirect 404 to Homepage: Sends visitors to your homepage if they try to access a page that doesn’t exist, ensuring they stay on your site.
- Add Module: Redirect After Login: Set custom redirect URL for all or some user roles after login.
- Add Module: Redirect After Logout: Set custom redirect URL for all or some user roles after logout.
- Add Module: Revisions Control: Avoid overloading the database by setting a cap on the number of revisions to save for certain or all types of posts that support revisions.
- Add Module: Wider Admin Menu: Give the admin menu more room to better accommodate wider items.
- Upgrade Module : Blacklisted Usernames : Add tool for fix blacklisted usernames.
1.2.1
- Fix : SVG Upload doesn’t work properly
- Security update : Sanitize uploaded SVG files
1.2.0
- Add module : Code Snippets
1.1.0
- Add module : Hide WordPress Version
- Fix : Activate / deactivate module action
1.0.0
- Initial release