I’m trying out MainWP with a handful of my personal websites before jumping in on it with client sites. I do all my client hosting on my own servers managed with SpinupWP. Part of what SpinupWP does is intentionally keep WP_DEBUG on, just redirected to a secure log file. As such my test site hosted this way shows one security error in MainWP. Is there anyway to disable certain security checks for some or all child sites? I really don’t want to be stuck with MainWP constantly alerting me to the WP_DEBUG state that is enabled, but is indeed correct for my hosting.
I dug into the filters MainWP provides and here is what I came up with for anyone who has the same question:
/**
* Treat debug being enabled as okay given SpinupWP configs.
*/
add_filter( 'mainwp_security_issues_stats', function ( $bool, $information, $website ) {
if ( tg_mainwp_has_plugin( 'SpinupWP', $website ) ) {
$information['debug_disabled'] = 'Y';
}
return $information;
}, 10, 3 );
add_filter( 'mainwp_before_save_sync_result', function ( $information, $website ) {
if ( tg_mainwp_has_plugin( 'SpinupWP', $information ) ) {
if ( 'N' == $information['securityStats']['debug_disabled'] ) {
$information['securityStats']['debug_disabled'] = 'Y';
$information['securityIssues'] = $information['securityIssues'] - 1;
}
}
return $information;
}, 10, 2 );
/**
* Check in the site info for a named plugin.
*
* @param string $name of a plugin
* @param array $information from website
* @return bool has plugin active
*/
function tg_mainwp_has_plugin( $name, $information ) {
$array = [];
if ( is_array( $information ) ) {
$array = $information;
} else {
$array['plugins'] = $information->plugins;
}
if ( array_key_exists( 'plugins', $array ) ) {
if ( !is_array( $array['plugins'] ) ) {
$array['plugins'] = json_decode( $array['plugins'], true );
}
foreach ( $array['plugins'] as $plugin ) {
if ( $plugin['name'] == $name && $plugin['active'] ) {
return true;
}
}
}
return false;
}
Is there anything I should be worried about with this implementation?
Hi @alexclst
Welcome to the MainWP Community!
The filter appears to be fine, and at this point, we don’t see a cause for concern about implementing it.
Hi @xyzulu
Welcome to the MainWP Community.
To disable “username=admin” check, you can use this snippet:
add_filter( 'mainwp_security_issues_stats', 'mycustom_mainwp_security_issues_stats', 10, 3 );
function mycustom_mainwp_security_issues_stats( $false, $issues, $website ) {
if( is_array( $issues ) && isset( $issues['admin'] ) ) {
$issues['admin'] = 'Y';
}
return $issues;
}
You can find details about the filter here:
Thanks @bojan !
Since I’m new to MainWP… where/how do you suggest this snippet is added… ie best practise… since there are so many options.
The easiest is using the Custom Dashboard Extension:
1 Like
This snippet works to remove the username=admin check from the individual site… but not from the main stats/dashboard view. Can you tweak it a little for me?
I was wrong… Dashboard must have been cached… snippet now working as expected. Thanks again.
1 Like
You’re most welcome, and I’m glad it’s working as expected.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.