WPMasterToolKit (WPMTK) – All in one plugin

WP Master ToolKit is your all-in-one solution for improving your WordPress site. It brings together a suite of tools that streamline your dashboard and improve your workflow, enabling more efficient management of content and settings. With WPMasterToolKit, you can customize your WordPress installation to suit your needs, ensuring you have all the tools you need at your fingertips.

Presentation of the extension by Alexis Fichou (WP-Origami) 🇫🇷:

83 Free features

• Adminer: A full-featured database management tool.
• Allow Menu Custom Links to Open in New Tab: You can enable custom link menu items to open in a separate browser tab with just a simple checkbox. Additionally, to reinforce security and improve SEO performance, we've implemented the "rel="noopener noreferrer nofollow"" attribute for these links.
• Apple Touch Icon: Manage app icon (Apple Touch Icon) individually.
• Auto Regenerate Salt Keys: WordPress salt keys or security keys are codes that help protect important information on your website.
• Auto-Publish Posts with Missed Schedule: Automatically initiate the publication of scheduled posts marked with "missed schedule" upon each visit to the website, across all post types.
• Ban Emails: Ban the chosen emails.
• Blacklisted Usernames: Prevent the creation of new user accounts with predifined blacklisted usernames. Blacklist usernames that are too common.
• Block User Registration from Disposable Email: Block user registration from disposable email addresses. Disposable email addresses are temporary email addresses that are used to register on websites that require email verification.
• Child theme generator: A simple tool to generate a child theme on your WordPress. You can disable it after generation.
• Clean Profiles: Tidy up user profiles by removing sections you do not utilise.
• Clean Up Admin Bar: Remove various elements from the admin bar.
• Code Snippets: Add custom code snippets to your website without the need to edit the theme's functions.php file. This feature is especially useful for adding custom CSS, JavaScript, and PHP code to your website. For disable all snippets, add this line to your wp-config.php: define('WPMASTERTOOLKIT_SNIPPETS_SAFE_MODE', true);
• Content Duplication: Enable one-click duplication of pages, posts and custom posts. The corresponding taxonomy terms and post meta will also be duplicated.
• Content Order: Enable custom ordering of various "hierarchical" content types or those supporting "page attributes". A new 'Order' sub-menu will appear for enabled content type(s).
• Custom Admin CSS: Add custom CSS on all admin pages for all user roles.
• Custom Body Class: Add custom <body> class(es) on the singular view of some or all public post types.
• Custom Frontend CSS: Add custom CSS on all frontend pages for all user roles.
• Disable All Updates: Completely disable core, theme and plugin updates and auto-updates. Will also disable update checks, notices and emails.
• Disable Block-Based Widgets Settings Screen: Disable block-based widgets settings screen. Restores the classic widgets settings screen when using a classic (non-block) theme. This has no effect on block themes.
• Disable Dashboard Widgets: Clean up and speed up the dashboard by completely disabling some or all widgets. Disabled widgets won't load any assets nor show up under Screen Options.
• Disable Feeds: Completely deactivate RSS, Atom, and RDF feeds across your website. This entails disabling feeds for various content elements, such as posts, categories, tags, comments, authors, and search. Additionally, it erases any remaining references to feed URLs from the <head> section of your web pages.
• Disable Gutenberg: Deactivate the Gutenberg block editor selectively, allowing you to control its usage for specific or all relevant post types.
• Disable REST API: Disable REST API access for non-authenticated users and remove URL traces from <head>, HTTP headers and WP RSD endpoint.
• Disable Really Simple Discovery (RSD) <link> tag: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
• Disable WP Sitemap: Disable the default WordPress sitemap feature, which was introduced in WordPress 5.5.
• Disable Windows Live Writer (WLW) manifest <link> tag: Disable the Windows Live Writer (WLW) manifest <link> tag in <head>. The WLW app was discontinued in 2017.
• Disable WordPress shortlink <link> tag: Disable the default WordPress shortlink <link> tag in <head>. Ignored by search engines and has minimal practical use case. Usually, a dedicated shortlink plugin or service is preferred that allows for nice names in the short links and tracking of clicks when sharing the link on social media.
• Disable XML-RPC: Enhance your website's security by fortifying it against brute force, (DoS) and (DDoS) attacks through advanced XML-RPC protection. In addition, our solution proactively disables trackbacks and pingbacks, bolstering your site's defense mechanisms.
• Disable cart fragments scripts: Disable cart fragments scripts on the front-end for public site visitors. This might break the functionality of the cart and checkout pages if they depend on cart fragments.
• Disable dashicons CSS and JS files: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
• Disable emoji support: Disable emoji support for pages, posts and custom post types on the admin and frontend. The support is primarily useful for older browsers that do not have native support for it. Most modern browsers across different OSes and devices now have native support for it.
• Disable jQuery Migrate: Removes the jQuery Migrate script from the frontend of your site.
• Disable wp_mail: Disable the wp_mail function, which is used by WordPress to send emails. This feature is useful for websites that do not send emails, as it prevents the wp_mail function from loading and consuming resources.
• Disallow Bad Requests: Protect your site against a wide range of threats. check all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
• Disallow Dir Listing: Disable the listing of the directories.
• Disallow Malicious File Access in upload: Protect your website from malicious file access in the upload directory.
• Disallow Plugin Upload: Disable zip file uploads for plugins, which are used to install plugins on your website.
• Disallow Theme Upload: Disable zip file uploads for themes, which are used to install themes on your website.
• Disallow WP File Edit: Prevent the modification of your website's core files through the WordPress admin panel.
• Disallow register user: Prevent the creation of new user accounts on your website with the native WordPress registration form.
• Duplicate Menu: Easily duplicate your WordPress Menus
• Enhance List Tables: Improve the usefulness of listing pages for various post types and taxonomies, media, comments and users by adding / removing columns and elements.
• Export Posts & Pages: Download your posts and pages to a .csv format.
• Export Users: Download your user data to a .csv format.
• External Permalinks: Enable pages, posts and/or custom post types to have permalinks that point to external URLs. The rel="noopener noreferrer nofollow" attribute will also be added for enhanced security and SEO benefits.
• File Manager: Browser and manage your files efficiently and easily.
• Force Strong Password: Enforce the use of strong passwords for all users on your website. This feature is especially useful for websites with multiple users, as it ensures that all users have a strong password that is difficult to guess or crack.
• Heartbeat Control: Modify the interval of the WordPress heartbeat API or disable it on admin pages, post creation/edit screens and/or the frontend. This will help reduce CPU load on the server.
• Hide Admin Bar: Hide the admin bar on the front end of your website for either specific user roles or all users.
• Hide Admin Notices: Enhance the user experience on admin pages by reorganizing notices into a dedicated page.
• Hide Login Errors: Hide the default WordPress login errors that appear when an incorrect username or password is entered.
• Hide PHP Versions: Some servers send a header called X-Powered-By that contains the PHP version used on your site. It may be a useful information for attackers, and should be removed.
• Hide WordPress Version: Hide the WordPress version from the source code.
• Image Upload Control: Resize newly uploaded, large images to a smaller dimension and delete originally uploaded files. BMPs and non-transparent PNGs will be converted to JPGs and resized.
• Insert <head>, <body> and <footer> Code: Easily insert <meta>, <link>, <script> and <style> tags, Google Analytics, Tag Manager, AdSense, Ads Conversion and Optimize code, Facebook, TikTok and Twitter pixels, etc.
• Last Login Column: Track and record the most recent login activity of site users, then showcase the date and time in the users list table
• Limit Login Attempts: Prevent brute force attacks by limiting the number of failed login attempts allowed per IP address.
• Local avatars: Replaces GRAVATAR management with media management.
• Lock Admin Email: Prevent the modification of the admin email address on your website.
• Lock Site URL: Prevent the modification of the site URL on your website.
• Log In/Out Menu: Enable log in, log out and dynamic log in/out menu item for addition to any menu.
• Maintenance Mode: Show a customizable maintenance page on the frontend while performing a brief maintenance to your site. Logged-in administrators can still view the site as usual.
• Manage ads.txt and app-ads.txt: Easily edit and validate your ads.txt and app-ads.txt content.
• Manage robots.txt: Easily edit and validate your robots.txt content.
• Meta Debugger: Display all metadata for a post, user, term, or comment.
• Move Login URL: Change the default login URL to a custom URL of your choice.
• Multiple User Roles: Enable assignment of multiple roles during user account creation and editing. This maybe useful for working with roles not defined in WordPress core, e.g. from e-commerce or LMS plugins.
• Nav Menu Visibility: Control your nav menu by allowing you to apply visibility controls to menu.
• Obfuscate Author Slugs: Obfuscate publicly exposed author page URLs that shows the user slugs / usernames, e.g. sitename.com/author/username1/ into sitename.com/author/a6r5b8ytu9gp34bv/, and output 404 errors for the original URLs. Also obfuscates in /wp-json/wp/v2/users/ REST API endpoint.
• Obfuscate Email Addresses: Obfuscate email address to prevent spam bots from harvesting them, but make it readable like a regular email address for human visitors, using shortcode [wpm_obfuscate email="[email protected]" display="newline"]
• Open All External Links in New Tab: Ensure that all external links within post content open in a new browser tab by implementing the "target="_blank"" attribute. Additionally, enhance security and SEO advantages by including the "rel="noopener noreferrer nofollow"" attribute.
• Password Protection: Password-protect the entire site to hide the content from public view and search engine bots / crawlers. Logged-in administrators can still access the site as usual.
• Plugin & Theme Rollback: Revert to previous versions of any theme or plugin from WordPress.org.
• Post Per Page: Specifying the number of posts to display per page, for each post type.
• Protect Website Headers: Add security headers quickly to your site to protect it from threats such as phishing attacks, data theft and more.
• Quick Add Post: A new button to quickly add new posts to speed up your workflow.
• Redirect 404 to Homepage: Sends visitors to your homepage if they try to access a page that doesn't exist, ensuring they stay on your site.
• Redirect After Login: Set custom redirect URL for all or some user roles after login.
• Redirect After Logout: Set custom redirect URL for all or some user roles after logout.
• Revisions Control: Avoid overloading the database by setting a cap on the number of revisions to save for certain or all types of posts that support revisions.
• SMTP Mailer: Set custom sender name and email. Optionally use external SMTP service to ensure notification and transactional emails from your site are being delivered to inboxes.
• SVG Upload: Enhance media library functionality to support the seamless uploading of SVG files.
• Wider Admin Menu: Give the admin menu more room to better accommodate wider items.

Other upcoming features…

PRO Features (Coming Soon)

• Disable Comments: Manage the visibility of comments on your public posts by selectively disabling them for specific post types or across all posts. Once comments are disabled, any existing comments will seamlessly disappear from the front-end.
• Disallow Access WP Sensible Files: Delete the wp-config-sample.php, block access to readme.html, license.txt
• Disallow Countries IP: Include/Exclude countries IP
• Force Send All Email To: Force all emails sent from your website to be sent to a specific email address. This feature is useful for testing email functionality on your website, as it ensures that all emails are sent to a single email address.
• Manage Admin Emails Notifications: Disable admin emails notifications.
• Plugin Download: Download plugins from the plugins page in the WordPress admin panel.
• Two Factor Authentication: Add an extra layer of security to your website by enabling two-factor authentication for all users.
• Updates Logs: Track and record the most recent login activity of site users, then showcase the date and time in the users list table

Other plugin by Webdeclic

Webdeclic is a French web agency based in Paris. We are specialized in the creation of websites and e-commerce sites. We are also the creator of the following plugins:
* Mentions Legales Par Webdeclic
* Cookie Dough Compliance and Consent for GDPR
* QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly
* Univeral Honey Pot
* Clean My WP
* Show all plugins on WordPress.org

Support us

⭐️ If you like this plugin, please give us a 5 star rating on WordPress.org. This will motivate us to develop new features and write other plugins. ⭐️

☕️ If you want buy me a coffee, you can do it here : Buy me a coffee ☕️

1.11.0

• Add Module: Adminer
• Add Module: Apple Touch Icon
• Add Module: Local avatars

1.10.2

• Fixed: Problem with modules using textarea fields. Now, the textarea fields are correctly escaped with wp_unslash.

1.10.1

• Fixed: module child theme generator: Better method for zip creation

1.10.0

• Add Module: Disable jQuery Migrate
• Add Module: Multiple User Roles
• Add Module: Plugin & Theme Rollback
• Fixed: Bug on child theme generator on some servers.
• Update Module: File Manager: Edit files from default view and better UX.

1.9.0

• Add Module: Child theme generator
• Add Module: File Manager
• Add Module: Protect Website Headers
• Fixed: Prevent the form submit when the user press Enter in the search input (on settings).
• Update: Better results on search input (on settings) if you don’t use special characters.

1.8.1

• Fixed: Problem if Parsedown library doesn’t exist on the server.

1.8.0

• Update Module: SMTP mailer: Replace password input type.
• Change logo on admin page.
• Add version on header of admin page.
• What’s new modal in settings page.

1.7.0

• Add Module: Ban emails
• Add Module: SMTP mailer
• Update Module: Auto Regenerate Salt Keys: Better approach to regenerate salt keys.

1.6.0

• Add Module: Block User Registration from Disposable Email

1.5.1

• Fix: Meta Debugger module: Add support on edit_user_profile

1.5.0

• Add Module: Custom Frontend CSS
• Add Module: Disable All Updates
• Add Module: Disable REST API
• Add Module: Heartbeat Control
• Add Module: Image Upload Control
• Add Module: Insert , and

<

footer> Code
* Add Module: Limit Login Attempts
* Add Module: Manage ads.txt and app-ads.txt
* Add Module: Manage robots.txt
* Add Module: Obfuscate Author Slugs
* Add Module: Obfuscate Email Addresses
* Fix: Increase the prioarity for the filter in hide admin bar module
* Fix: Problem with “Disallow bad requests” module

1.4.0

• Add Module: Clean Up Admin Bar
• Add Module: Content Duplication
• Add Module: Content Order
• Add Module: Custom Admin CSS
• Add Module: Enhance List Tables
• Add Module: External Permalinks
• Add Module: Log In/Out Menu
• Add Module: Meta Debugger
• Add Module: Post Per Page
• Fix: Problem with import / export settings feature

1.3.0

• Add Module: Auto Regenerate Salt Keys: WordPress salt keys or security keys are codes that help protect important information on your website.
• Add Module: Auto-Publish Posts with Missed Schedule: Automatically initiate the publication of scheduled posts marked with “missed schedule” upon each visit to the website, across all post types.
• Add Module: Clean Profiles: Tidy up user profiles by removing sections you do not utilise.
• Add Module: Custom Body Class: Add custom class(es) on the singular view of some or all public post types.
• Add Module: Disable Block-Based Widgets Settings Screen: Disable block-based widgets settings screen. Restores the classic widgets settings screen when using a classic (non-block) theme. This has no effect on block themes.
• Add Module: Disable Dashboard Widgets: Clean up and speed up the dashboard by completely disabling some or all widgets. Disabled widgets won’t load any assets nor show up under Screen Options.
• Add Module: Disable Really Simple Discovery (RSD) tag: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
• Add Module: Disable Windows Live Writer (WLW) manifest tag: Disable the Windows Live Writer (WLW) manifest tag in . The WLW app was discontinued in 2017.
• Add Module: Disable WordPress shortlink tag: Disable the default WordPress shortlink tag in . Ignored by search engines and has minimal practical use case. Usually, a dedicated shortlink plugin or service is preferred that allows for nice names in the short links and tracking of clicks when sharing the link on social media.
• Add Module: Disable cart fragments scripts: Disable cart fragments scripts on the front-end for public site visitors. This might break the functionality of the cart and checkout pages if they depend on cart fragments.
• Add Module: Disable dashicons CSS and JS files: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
• Add Module: Disable emoji support: Disable emoji support for pages, posts and custom post types on the admin and frontend. The support is primarily useful for older browsers that do not have native support for it. Most modern browsers across different OSes and devices now have native support for it.
• Add Module: Disallow Bad Requests: Protect your site against a wide range of threats. check all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
• Add Module: Disallow Dir Listing: Disable the listing of the directories.
• Add Module: Disallow Malicious File Access in upload: Protect your website from malicious file access in the upload directory.
• Add Module: Duplicate Menu: Easily duplicate your WordPress Menus
• Add Module: Export Posts & Pages: Download your posts and pages to a .csv format.
• Add Module: Export Users: Download your user data to a .csv format.
• Add Module: Hide PHP Versions: Some servers send a header called X-Powered-By that contains the PHP version used on your site. It may be a useful information for attackers, and should be removed.
• Add Module: Maintenance Mode: Show a customizable maintenance page on the frontend while performing a brief maintenance to your site. Logged-in administrators can still view the site as usual.
• Add Module: Nav Menu Visibility: Control your nav menu by allowing you to apply visibility controls to menu.
• Add Module: Password Protection: Password-protect the entire site to hide the content from public view and search engine bots / crawlers. Logged-in administrators can still access the site as usual.
• Add Module: Quick Add Post: A new button to quickly add new posts to speed up your workflow.
• Add Module: Redirect 404 to Homepage: Sends visitors to your homepage if they try to access a page that doesn’t exist, ensuring they stay on your site.
• Add Module: Redirect After Login: Set custom redirect URL for all or some user roles after login.
• Add Module: Redirect After Logout: Set custom redirect URL for all or some user roles after logout.
• Add Module: Revisions Control: Avoid overloading the database by setting a cap on the number of revisions to save for certain or all types of posts that support revisions.
• Add Module: Wider Admin Menu: Give the admin menu more room to better accommodate wider items.
• Upgrade Module : Blacklisted Usernames : Add tool for fix blacklisted usernames.

1.2.1

• Fix : SVG Upload doesn’t work properly
• Security update : Sanitize uploaded SVG files

1.2.0

• Add module : Code Snippets

1.1.0

• Add module : Hide WordPress Version
• Fix : Activate / deactivate module action

1.0.0

• Initial release

1. Upload the plugin files to the /wp-content/plugins/wp-mastertoolkit directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the ‘Plugins’ screen in WordPress
3. Use the WPMasterToolKit screen to configure the plugin