Is MJP Security Tools free?

Yes, MJP Security Tools is free to use. It is available as a free plugin on WordPress.org.

How many websites use MJP Security Tools?

MJP Security Tools has 10 active installations as tracked by WordPress.org.

What are the best MJP Security Tools alternatives?

Popular alternatives to MJP Security Tools include Prevent XSS Vulnerability, Content Security Policy Manager, Basic Security: Prevent Cross Site…. You can compare them side-by-side on our comparison pages.

Does MJP Security Tools work with the latest WordPress?

MJP Security Tools has been tested up to WordPress 6.9.4. It requires WordPress 6.0+ and PHP 7.4+.

PluginSift

MJP Security Tools

Name: MJP Security Tools
Author: zackdesign

Lightweight WordPress hardening — XSS database scanner, POST request logging, failed login logging, and file permission checker.

By zackdesign·Xss·Free

·10 active installs·Updated 1 month ago

Download Visit Homepage Compare

As of April 2026, MJP Security Tools is a WordPress xss plugin with 10 active installations and a 0/5 rating0. It has been downloaded 2.9K+ times in total. Requires WordPress 6.0+ and PHP 7.4+. Available on WordPress.org since 2010. Recently updated within the last 3 months. Top alternative: Prevent XSS Vulnerability.

0/5Rating

10active installs

2.9K+total downloads

16 yearssince 2010

Overview

MJP Security Tools is a focused hardening plugin that does four things well:

XSS Database Scanner — scans every table for <script>, <iframe>, onclick, javascript: and other injection patterns
POST Request Log — records all POST data (passwords masked) with IP, user agent, and URL for CSRF/audit detection
Failed Login Log — tracks every failed login attempt with username, IP, and timestamp
File Permission Checker — verifies WordPress root files and directories have safe permissions, checks for missing index.html files and SVN working copies

What this plugin does NOT do (because WordPress core already handles it):

SSL enforcement — use FORCE_SSL_ADMIN or let WordPress 5.7+ auto-redirect
Password strength — WordPress core enforces strong passwords since 4.3
Login rate limiting…

Read full description on WordPress.org

Ratings & Reviews

00 reviews

5 ★

4 ★

3 ★

2 ★

1 ★

Compatibility

WordPress	6.0+ requiredTested up to 6.9.4
PHP	7.4+ required

Top Alternatives to MJP Security Tools

Prevent XSS Vulnerability

56.0K+ installsUpdated 8 months ago

View Compare

Content Security Policy Manager

4.32.0K+ installsUpdated 3 years ago

View Compare

Basic Security: Prevent Cross Site…

5300 installsUpdated 4 months ago

View Compare

HTML Purified

050 installsUpdated 13 years ago

View Compare

Shieldfy Security Firewall and Anti…

540 installsUpdated 7 years ago

View Compare

View all xss plugins →

Frequently Asked Questions

Changelog

2.0.0

Rewrite: focused on 4 core features — XSS scanner, POST log, failed login log, file permissions
Removed: SSL forcing, password enforcement, login throttling, version hiding (handled by WP core)
Removed: Admin username changer, DB prefix randomizer, password reset all users, .htaccess generator
Removed: jQuery UI 1.8.10 dependency and Javacrypt crypt(3) JavaScript (~500 lines)
Removed: PHP sessions — uses WP transients for flash messages

…and 8 more changes

View full changelog on WordPress.org

Contributors

AliasIO

zackdesign

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.

MJP Security Tools

Lightweight WordPress hardening — XSS database scanner, POST request logging, failed login logging, and file permission checker.

By zackdesign·Xss·Free

·10 active installs·Updated 1 month ago

Download Visit Homepage Compare

0/5Rating

10active installs

2.9K+total downloads

16 yearssince 2010

Overview

MJP Security Tools is a focused hardening plugin that does four things well:

XSS Database Scanner — scans every table for <script>, <iframe>, onclick, javascript: and other injection patterns
POST Request Log — records all POST data (passwords masked) with IP, user agent, and URL for CSRF/audit detection
Failed Login Log — tracks every failed login attempt with username, IP, and timestamp
File Permission Checker — verifies WordPress root files and directories have safe permissions, checks for missing index.html files and SVN working copies

What this plugin does NOT do (because WordPress core already handles it):

SSL enforcement — use FORCE_SSL_ADMIN or let WordPress 5.7+ auto-redirect
Password strength — WordPress core enforces strong passwords since 4.3
Login rate limiting…

Read full description on WordPress.org

Ratings & Reviews

00 reviews

5 ★

4 ★

3 ★

2 ★

1 ★

Compatibility

WordPress	6.0+ requiredTested up to 6.9.4
PHP	7.4+ required

Top Alternatives to MJP Security Tools

Prevent XSS Vulnerability

56.0K+ installsUpdated 8 months ago

View Compare

Content Security Policy Manager

4.32.0K+ installsUpdated 3 years ago

View Compare

Basic Security: Prevent Cross Site…

5300 installsUpdated 4 months ago

View Compare

HTML Purified

050 installsUpdated 13 years ago

View Compare

Shieldfy Security Firewall and Anti…

540 installsUpdated 7 years ago

View Compare

View all xss plugins →

Frequently Asked Questions

Changelog

2.0.0

Rewrite: focused on 4 core features — XSS scanner, POST log, failed login log, file permissions
Removed: SSL forcing, password enforcement, login throttling, version hiding (handled by WP core)
Removed: Admin username changer, DB prefix randomizer, password reset all users, .htaccess generator
Removed: jQuery UI 1.8.10 dependency and Javacrypt crypt(3) JavaScript (~500 lines)
Removed: PHP sessions — uses WP transients for flash messages

…and 8 more changes

View full changelog on WordPress.org

Contributors

AliasIO

zackdesign

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.