=== WPMasterToolKit ===
Contributors: ludwigyou
Tags: all in one plugin, admin, security, disable features, easy to use
Requires at least: 4.0.0
Tested up to: 6.5.4
Requires PHP: 7.4
Stable tag: 1.5.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

WPMasterToolKit is a plugin that allows you to add a lot of features to your WordPress site.

== Description ==
WP Master ToolKit is your all-in-one solution for improving your WordPress site. It brings together a suite of tools that streamline your dashboard and improve your workflow, enabling more efficient management of content and settings. With WPMasterToolKit, you can customize your WordPress installation to suit your needs, ensuring you have all the tools you need at your fingertips.

**Presentation of the extension by Alexis Fichou (WP-Origami) 🇫🇷:**
[youtube https://www.youtube.com/watch?v=9ZFp_eyYop4]

= Key Features =

* Allow Menu Custom Links to Open in New Tab: You can enable custom link menu items to open in a separate browser tab with just a simple checkbox. Additionally, to reinforce security and improve SEO performance, we've implemented the "rel="noopener noreferrer nofollow"" attribute for these links.
* Auto Regenerate Salt Keys: WordPress salt keys or security keys are codes that help protect important information on your website.
* Auto-Publish Posts with Missed Schedule: Automatically initiate the publication of scheduled posts marked with "missed schedule" upon each visit to the website, across all post types.
* Blacklisted Usernames: Prevent the creation of new user accounts with predifined blacklisted usernames. Blacklist usernames that are too common.
* Clean Profiles: Tidy up user profiles by removing sections you do not utilise.
* Clean Up Admin Bar: Remove various elements from the admin bar.
* Code Snippets: Add custom code snippets to your website without the need to edit the theme's functions.php file. This feature is especially useful for adding custom CSS, JavaScript, and PHP code to your website. For disable all snippets, add this line to your wp-config.php: define('WPMASTERTOOLKIT_SNIPPETS_SAFE_MODE', true);
* Content Duplication: Enable one-click duplication of pages, posts and custom posts. The corresponding taxonomy terms and post meta will also be duplicated.
* Content Order: Enable custom ordering of various "hierarchical" content types or those supporting "page attributes". A new 'Order' sub-menu will appear for enabled content type(s).
* Custom Admin CSS: Add custom CSS on all admin pages for all user roles.
* Custom Body Class: Add custom <body> class(es) on the singular view of some or all public post types.
* Custom Frontend CSS: Add custom CSS on all frontend pages for all user roles.
* Disable All Updates: Completely disable core, theme and plugin updates and auto-updates. Will also disable update checks, notices and emails.
* Disable Block-Based Widgets Settings Screen: Disable block-based widgets settings screen. Restores the classic widgets settings screen when using a classic (non-block) theme. This has no effect on block themes.
* Disable Dashboard Widgets: Clean up and speed up the dashboard by completely disabling some or all widgets. Disabled widgets won't load any assets nor show up under Screen Options.
* Disable Feeds: Completely deactivate RSS, Atom, and RDF feeds across your website. This entails disabling feeds for various content elements, such as posts, categories, tags, comments, authors, and search. Additionally, it erases any remaining references to feed URLs from the <head> section of your web pages.
* Disable Gutenberg: Deactivate the Gutenberg block editor selectively, allowing you to control its usage for specific or all relevant post types.
* Disable REST API: Disable REST API access for non-authenticated users and remove URL traces from <head>, HTTP headers and WP RSD endpoint.
* Disable Really Simple Discovery (RSD) <link> tag: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
* Disable WP Sitemap: Disable the default WordPress sitemap feature, which was introduced in WordPress 5.5.
* Disable Windows Live Writer (WLW) manifest <link> tag: Disable the Windows Live Writer (WLW) manifest <link> tag in <head>. The WLW app was discontinued in 2017.
* Disable WordPress shortlink <link> tag: Disable the default WordPress shortlink <link> tag in <head>. Ignored by search engines and has minimal practical use case. Usually, a dedicated shortlink plugin or service is preferred that allows for nice names in the short links and tracking of clicks when sharing the link on social media.
* Disable XML-RPC: Enhance your website's security by fortifying it against brute force, (DoS) and (DDoS) attacks through advanced XML-RPC protection. In addition, our solution proactively disables trackbacks and pingbacks, bolstering your site's defense mechanisms.
* Disable cart fragments scripts: Disable cart fragments scripts on the front-end for public site visitors. This might break the functionality of the cart and checkout pages if they depend on cart fragments.
* Disable dashicons CSS and JS files: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
* Disable emoji support: Disable emoji support for pages, posts and custom post types on the admin and frontend. The support is primarily useful for older browsers that do not have native support for it. Most modern browsers across different OSes and devices now have native support for it.
* Disable wp_mail: Disable the wp_mail function, which is used by WordPress to send emails. This feature is useful for websites that do not send emails, as it prevents the wp_mail function from loading and consuming resources.
* Disallow Bad Requests: Protect your site against a wide range of threats. check all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
* Disallow Dir Listing: Disable the listing of the directories.
* Disallow Malicious File Access in upload: Protect your website from malicious file access in the upload directory.
* Disallow Plugin Upload: Disable zip file uploads for plugins, which are used to install plugins on your website.
* Disallow Theme Upload: Disable zip file uploads for themes, which are used to install themes on your website.
* Disallow WP File Edit: Prevent the modification of your website's core files through the WordPress admin panel.
* Disallow register user: Prevent the creation of new user accounts on your website with the native WordPress registration form.
* Duplicate Menu: Easily duplicate your WordPress Menus
* Enhance List Tables: Improve the usefulness of listing pages for various post types and taxonomies, media, comments and users by adding / removing columns and elements.
* Export Posts & Pages: Download your posts and pages to a .csv format.
* Export Users: Download your user data to a .csv format.
* External Permalinks: Enable pages, posts and/or custom post types to have permalinks that point to external URLs. The rel="noopener noreferrer nofollow" attribute will also be added for enhanced security and SEO benefits.
* Force Strong Password: Enforce the use of strong passwords for all users on your website. This feature is especially useful for websites with multiple users, as it ensures that all users have a strong password that is difficult to guess or crack.
* Heartbeat Control: Modify the interval of the WordPress heartbeat API or disable it on admin pages, post creation/edit screens and/or the frontend. This will help reduce CPU load on the server.
* Hide Admin Bar: Hide the admin bar on the front end of your website for either specific user roles or all users.
* Hide Admin Notices: Enhance the user experience on admin pages by reorganizing notices into a dedicated page.
* Hide Login Errors: Hide the default WordPress login errors that appear when an incorrect username or password is entered.
* Hide PHP Versions: Some servers send a header called X-Powered-By that contains the PHP version used on your site. It may be a useful information for attackers, and should be removed.
* Hide WordPress Version: Hide the WordPress version from the source code.
* Image Upload Control: Resize newly uploaded, large images to a smaller dimension and delete originally uploaded files. BMPs and non-transparent PNGs will be converted to JPGs and resized.
* Insert <head>, <body> and <footer> Code: Easily insert <meta>, <link>, <script> and <style> tags, Google Analytics, Tag Manager, AdSense, Ads Conversion and Optimize code, Facebook, TikTok and Twitter pixels, etc.
* Last Login Column: Track and record the most recent login activity of site users, then showcase the date and time in the users list table
* Limit Login Attempts: Prevent brute force attacks by limiting the number of failed login attempts allowed per IP address.
* Lock Admin Email: Prevent the modification of the admin email address on your website.
* Lock Site URL: Prevent the modification of the site URL on your website.
* Log In/Out Menu: Enable log in, log out and dynamic log in/out menu item for addition to any menu.
* Maintenance Mode: Show a customizable maintenance page on the frontend while performing a brief maintenance to your site. Logged-in administrators can still view the site as usual.
* Manage ads.txt and app-ads.txt: Easily edit and validate your ads.txt and app-ads.txt content.
* Manage robots.txt: Easily edit and validate your robots.txt content.
* Meta Debugger: Display all metadata for a post, user, term, or comment.
* Move Login URL: Change the default login URL to a custom URL of your choice.
* Nav Menu Visibility: Control your nav menu by allowing you to apply visibility controls to menu.
* Obfuscate Author Slugs: Obfuscate publicly exposed author page URLs that shows the user slugs / usernames, e.g. sitename.com/author/username1/ into sitename.com/author/a6r5b8ytu9gp34bv/, and output 404 errors for the original URLs. Also obfuscates in /wp-json/wp/v2/users/ REST API endpoint.
* Obfuscate Email Addresses: Obfuscate email address to prevent spam bots from harvesting them, but make it readable like a regular email address for human visitors, using shortcode [wpm_obfuscate email="example@email.com" display="newline"]
* Open All External Links in New Tab: Ensure that all external links within post content open in a new browser tab by implementing the "target="_blank"" attribute. Additionally, enhance security and SEO advantages by including the "rel="noopener noreferrer nofollow"" attribute.
* Password Protection: Password-protect the entire site to hide the content from public view and search engine bots / crawlers. Logged-in administrators can still access the site as usual.
* Post Per Page: Specifying the number of posts to display per page, for each post type.
* Quick Add Post: A new button to quickly add new posts to speed up your workflow.
* Redirect 404 to Homepage: Sends visitors to your homepage if they try to access a page that doesn't exist, ensuring they stay on your site.
* Redirect After Login: Set custom redirect URL for all or some user roles after login.
* Redirect After Logout: Set custom redirect URL for all or some user roles after logout.
* Revisions Control: Avoid overloading the database by setting a cap on the number of revisions to save for certain or all types of posts that support revisions.
* SVG Upload: Enhance media library functionality to support the seamless uploading of SVG files.
* Wider Admin Menu: Give the admin menu more room to better accommodate wider items.

Other upcoming features...

= PRO Features (Coming Soon) =

* Disable Comments: Manage the visibility of comments on your public posts by selectively disabling them for specific post types or across all posts. Once comments are disabled, any existing comments will seamlessly disappear from the front-end.
* Disallow Access WP Sensible Files: Delete the wp-config-sample.php, block access to readme.html, license.txt
* Disallow Countries IP: Include/Exclude countries IP
* Force Send All Email To: Force all emails sent from your website to be sent to a specific email address. This feature is useful for testing email functionality on your website, as it ensures that all emails are sent to a single email address.
* Manage Admin Emails Notifications: Disable admin emails notifications.
* Plugin Download: Download plugins from the plugins page in the WordPress admin panel.
* Two Factor Authentication: Add an extra layer of security to your website by enabling two-factor authentication for all users.
* Updates Logs: Track and record the most recent login activity of site users, then showcase the date and time in the users list table

== Installation ==

1. Upload the plugin files to the `/wp-content/plugins/wp-mastertoolkit` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the 'Plugins' screen in WordPress
3. Use the WPMasterToolKit screen to configure the plugin

== Other plugin by Webdeclic ==
[Webdeclic](https://webdeclic.com) is a French web agency based in Paris. We are specialized in the creation of websites and e-commerce sites. We are also the creator of the following plugins:
* [Mentions Legales Par Webdeclic](https://wordpress.org/plugins/mentions-legales-par-webdeclic/)
* [Cookie Dough Compliance and Consent for GDPR](https://wordpress.org/plugins/cookie-dough-compliance-and-consent-for-gdpr/)
* [QuickWebP - Compress / Optimize Images & Convert WebP | SEO Friendly](https://wordpress.org/plugins/quickwebp/)
* [Univeral Honey Pot](https://wordpress.org/plugins/universal-honey-pot/)
* [Clean My WP](https://wordpress.org/plugins/clean-my-wp/)
* [Show all plugins on WordPress.org](https://wordpress.org/plugins/search/webdeclic/)

== Support us ==
⭐️ If you like this plugin, please give us a 5 star rating on WordPress.org. This will motivate us to develop new features and write other plugins. ⭐️

☕️ If you want buy me a coffee, you can do it here : [Buy me a coffee](https://bmc.link/ludwig) ☕️

== Frequently asked questions ==

= What is WPMasterToolKit? =
WPMasterToolKit is a comprehensive plugin that provides a wide range of features designed to improve your WordPress. It includes tools to improve media management, user interface, site security and much more.

= Will WPMasterToolKit slow down my website? =
No, WPMasterToolKit is designed to be lightweight and efficient. This should not negatively impact your website performance.

=Can WPMasterToolKit help with SEO? =
Although WPMasterToolKit is not primarily an SEO plugin, it does include features that can help your site's SEO, such as the ability to open external links in a new tab with the appropriate "rel" attributes.

= How often is WPMasterToolKit updated? =
We regularly update WPMasterToolKit to introduce new features, fix bugs and ensure compatibility with the latest versions of WordPress.

= How can I contribute to WPMasterToolKit? =
Contributions are welcome! You can contribute by reporting bugs, suggesting features, translating the plugin, or submitting code fixes.

== Screenshots ==
1. Admin page
2. Import / Export settings
3. Move login submenu
4. Code snippets

== Changelog ==

= 1.5.0 =
* Add Module: Custom Frontend CSS
* Add Module: Disable All Updates
* Add Module: Disable REST API
* Add Module: Heartbeat Control
* Add Module: Image Upload Control
* Add Module: Insert <head>, <body> and <footer> Code
* Add Module: Limit Login Attempts
* Add Module: Manage ads.txt and app-ads.txt
* Add Module: Manage robots.txt
* Add Module: Obfuscate Author Slugs
* Add Module: Obfuscate Email Addresses
* Fix: Increase the prioarity for the filter in hide admin bar module
* Fix: Problem with "Disallow bad requests" module

= 1.4.0 =
* Add Module: Clean Up Admin Bar
* Add Module: Content Duplication
* Add Module: Content Order
* Add Module: Custom Admin CSS
* Add Module: Enhance List Tables
* Add Module: External Permalinks
* Add Module: Log In/Out Menu
* Add Module: Meta Debugger
* Add Module: Post Per Page
* Fix: Problem with import / export settings feature

= 1.3.0 =
* Add Module: Auto Regenerate Salt Keys: WordPress salt keys or security keys are codes that help protect important information on your website.
* Add Module: Auto-Publish Posts with Missed Schedule: Automatically initiate the publication of scheduled posts marked with "missed schedule" upon each visit to the website, across all post types.
* Add Module: Clean Profiles: Tidy up user profiles by removing sections you do not utilise.
* Add Module: Custom Body Class: Add custom <body> class(es) on the singular view of some or all public post types.
* Add Module: Disable Block-Based Widgets Settings Screen: Disable block-based widgets settings screen. Restores the classic widgets settings screen when using a classic (non-block) theme. This has no effect on block themes.
* Add Module: Disable Dashboard Widgets: Clean up and speed up the dashboard by completely disabling some or all widgets. Disabled widgets won't load any assets nor show up under Screen Options.
* Add Module: Disable Really Simple Discovery (RSD) <link> tag: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
* Add Module: Disable Windows Live Writer (WLW) manifest <link> tag: Disable the Windows Live Writer (WLW) manifest <link> tag in <head>. The WLW app was discontinued in 2017.
* Add Module: Disable WordPress shortlink <link> tag: Disable the default WordPress shortlink <link> tag in <head>. Ignored by search engines and has minimal practical use case. Usually, a dedicated shortlink plugin or service is preferred that allows for nice names in the short links and tracking of clicks when sharing the link on social media.
* Add Module: Disable cart fragments scripts: Disable cart fragments scripts on the front-end for public site visitors. This might break the functionality of the cart and checkout pages if they depend on cart fragments.
* Add Module: Disable dashicons CSS and JS files: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
* Add Module: Disable emoji support: Disable emoji support for pages, posts and custom post types on the admin and frontend. The support is primarily useful for older browsers that do not have native support for it. Most modern browsers across different OSes and devices now have native support for it.
* Add Module: Disallow Bad Requests: Protect your site against a wide range of threats. check all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
* Add Module: Disallow Dir Listing: Disable the listing of the directories.
* Add Module: Disallow Malicious File Access in upload: Protect your website from malicious file access in the upload directory.
* Add Module: Duplicate Menu: Easily duplicate your WordPress Menus
* Add Module: Export Posts & Pages: Download your posts and pages to a .csv format.
* Add Module: Export Users: Download your user data to a .csv format.
* Add Module: Hide PHP Versions: Some servers send a header called X-Powered-By that contains the PHP version used on your site. It may be a useful information for attackers, and should be removed.
* Add Module: Maintenance Mode: Show a customizable maintenance page on the frontend while performing a brief maintenance to your site. Logged-in administrators can still view the site as usual.
* Add Module: Nav Menu Visibility: Control your nav menu by allowing you to apply visibility controls to menu.
* Add Module: Password Protection: Password-protect the entire site to hide the content from public view and search engine bots / crawlers. Logged-in administrators can still access the site as usual.
* Add Module: Quick Add Post: A new button to quickly add new posts to speed up your workflow.
* Add Module: Redirect 404 to Homepage: Sends visitors to your homepage if they try to access a page that doesn't exist, ensuring they stay on your site.
* Add Module: Redirect After Login: Set custom redirect URL for all or some user roles after login.
* Add Module: Redirect After Logout: Set custom redirect URL for all or some user roles after logout.
* Add Module: Revisions Control: Avoid overloading the database by setting a cap on the number of revisions to save for certain or all types of posts that support revisions.
* Add Module: Wider Admin Menu: Give the admin menu more room to better accommodate wider items.
* Upgrade Module : Blacklisted Usernames : Add tool for fix blacklisted usernames.

= 1.2.1 =
* Fix : SVG Upload doesn't work properly
* Security update : Sanitize uploaded SVG files

= 1.2.0 =
* Add module : Code Snippets

= 1.1.0 =
* Add module : Hide WordPress Version
* Fix : Activate / deactivate module action

= 1.0.0 =
* Initial release