=== OPI Security Boost === Contributors: mpietrzak, mruszczyk, iworks, litys Donate link: https://ko-fi.com/iworks?utm_source=opi-security-boost&utm_medium=readme-donate Tags: security, hardness  Requires at least: 6.0 Tested up to: 7.0 Stable tag: 1.3.3 Requires PHP: 8.1 License: GPLv3 or later License URI: https://www.gnu.org/licenses/gpl-3.0.html OPI Security Boost plugin adds basic hardness to your site. == Description == OPI Security Boost plugin adds basic hardness to your site. == Features == * Security Configuration Management: - Automated generation and management of `/security.txt` file for security settings - Implementation of `/pgp-key.txt` file for secure key management * User Management and Security: - Automated user roles reset after configurable inactivity period - Enhanced user list table with additional security information: - User registration date tracking - Last login timestamp recording - Random ID generation for new user accounts - Protection against user enumeration attacks * API and Frontend Security: - Restriction of REST API endpoints for non-logged-in users - Removal of WordPress version information from frontend - Elimination of Really Simple Discovery (RSD) meta tag - Removal of Windows Live Writer meta tag * Security Hardening: - Role-based access control with configurable reset periods - Enhanced user data visibility for security audits on users list table == Installation == There are 3 ways to install this plugin: = 1. The super easy way = 1. In your Admin, go to menu Plugins > Add. 1. Search for `opi-security-boost`. 1. Click to install. 1. Activate the plugin. = 2. The easy way = 1. Download the plugin (.zip file) on the right column of this page. 1. In your Admin, go to menu Plugins > Add. 1. Select button `Upload Plugin`. 1. Upload the .zip file you just downloaded. 1. Activate the plugin. = 3. The old and reliable way (FTP) = 1. Upload `opi-security-boost` folder to the `/wp-content/plugins/` directory. 1. Activate the plugin through the 'Plugins' menu in WordPress. == Frequently Asked Questions == == Screenshots == == Changelog == = 1.3.3 (2026-05-19) = * Removed log l. = 1.3.2 (2026-05-18) = * Added blocked usernames functionality. = 1.3.1 (2026-04-16) = * Fixed issue with role downgrade warning not being marked properly. = 1.3.0 (2026-04-16) = * Added interation with [Simple History](https://wordpress.org/plugins/simple-history/) plugin. * Added role downgrade warning functionality with configurable notification days. * Enhanced user data visibility with last login date display in days. * Improved code organization and maintainability. * Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 3.1.0. = 1.2.3 (2025-12-18) = * Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 3.0.9. = 1.2.2 (2025-08-18) = * Added `check_option_object` method to the main class. = 1.2.1 (2025-07-03) = * Added charset to security.txt file. * Added charset to pgp-key.txt file. * Added `print_headers` method to the main class. * Added no cache headers to the main class. * Added `links_info` method to the main class. * Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 3.0.7. = 1.2.0 (2025-05-20) = * Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 3.0.1. * Added `blueprint.json` to allow testing plugin on WordPress.org. * Added user roles reset functionality with enhanced security features: - New option to allow automatic role reset after specified days. - Selective role reset for specific user roles. - Exclusion of specific users from role reset. - Enhanced user query optimization. - Added proper sanitization for options. - Improved code organization and maintainability. = 1.1.2 (2025-03-27) = * Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 2.9.9. * The issue with the saving multiple option value has been resolved. = 1.1.1 (2025-03-12) = * Improved build process for better performance and efficiency. * Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 2.9.8. = 1.1.0 (2025-02-17) = * Auto lowering user privileges after a year without login has been added. * The `_load_textdomain_just_in_time()` notice has been fixed. * The build process has been improved. * The `security.txt` configuration has been added. * The `pgp-key.txt` configuration has been added. = 1.0.7 (2024-10-12) = * Random ID generation for new user account has been added. = 1.0.6 (2024-01-22) = * The plugin has been published on WordPress.org. = 1.0.5 (2023-10-19) = * Implementation of comments submitted by WordPress Plugin Review Team. * Users REST API for logged users has been restored. = 1.0.4 (2023-08-01) = * Directory indexes were been added. = 1.0.3 (2023-07-31) = * The last login date has been added to user login action. * The last login date and the registration date were been added to users list table. = 1.0.2 (2023-07-28) = * The WordPress version has been removed from front-end. * The `/readme.html` will be removed if there is proper files rights. = 1.0.1 (2023-07-24) = * Really Simple Discovery meta tag has been removed from front-end. * Windows Live Writer meta tag has been removed from front-end. = 1.0.0 (2023-07-21) = * A prevent for enumerating users has been added: ** The `?author=\d+` query string has been redirected to the main page. ** The login form messages have been unified to remove information about account existence. * Users related REST API endpoints have been removed. == Upgrade Notice ==