Can you Disable Certain Security Checks?

I’m trying out MainWP with a handful of my personal websites before jumping in on it with client sites. I do all my client hosting on my own servers managed with SpinupWP. Part of what SpinupWP does is intentionally keep WP_DEBUG on, just redirected to a secure log file. As such my test site hosted this way shows one security error in MainWP. Is there anyway to disable certain security checks for some or all child sites? I really don’t want to be stuck with MainWP constantly alerting me to the WP_DEBUG state that is enabled, but is indeed correct for my hosting.

I dug into the filters MainWP provides and here is what I came up with for anyone who has the same question:

 * Treat debug being enabled as okay given SpinupWP configs.
add_filter( 'mainwp_security_issues_stats', function ( $bool, $information, $website ) {
	if ( tg_mainwp_has_plugin( 'SpinupWP', $website ) ) {
		$information['debug_disabled'] = 'Y';
	return $information;
}, 10, 3 );
add_filter( 'mainwp_before_save_sync_result', function ( $information, $website ) {
	if ( tg_mainwp_has_plugin( 'SpinupWP', $information ) ) {
		if ( 'N' == $information['securityStats']['debug_disabled'] ) {
			$information['securityStats']['debug_disabled'] = 'Y';
			$information['securityIssues'] = $information['securityIssues'] - 1;
	return $information;
}, 10, 2 );

 * Check in the site info for a named plugin.
 * @param string $name of a plugin
 * @param array $information from website
 * @return bool has plugin active
function tg_mainwp_has_plugin( $name, $information ) {
	$array = [];
	if ( is_array( $information ) ) {
		$array = $information;
	} else {
		$array['plugins'] = $information->plugins;
	if ( array_key_exists( 'plugins', $array ) ) {
		if ( !is_array( $array['plugins'] ) ) {
			$array['plugins'] = json_decode( $array['plugins'], true );
		foreach ( $array['plugins'] as $plugin ) {
			if ( $plugin['name'] == $name && $plugin['active'] ) {
				return true;
	return false;

Is there anything I should be worried about with this implementation?

Hi @alexclst

Welcome to the MainWP Community!

The filter appears to be fine, and at this point, we don’t see a cause for concern about implementing it.

I’d like to disable the “username = admin” check in MainWP. How can I do this @bojan ?

Hi @xyzulu

Welcome to the MainWP Community.

To disable “username=admin” check, you can use this snippet:

add_filter( 'mainwp_security_issues_stats', 'mycustom_mainwp_security_issues_stats', 10, 3 );
function mycustom_mainwp_security_issues_stats( $false, $issues, $website ) {
     if( is_array( $issues ) && isset( $issues['admin'] ) ) {
          $issues['admin'] = 'Y';
     return $issues;

You can find details about the filter here:

Thanks @bojan !
Since I’m new to MainWP… where/how do you suggest this snippet is added… ie best practise… since there are so many options.

The easiest is using the Custom Dashboard Extension:

1 Like

Thanks @josklever I’ll try that out now.

1 Like

This snippet works to remove the username=admin check from the individual site… but not from the main stats/dashboard view. Can you tweak it a little for me?

I was wrong… Dashboard must have been cached… snippet now working as expected. Thanks again.

1 Like

You’re most welcome, and I’m glad it’s working as expected.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.