The 10up Experience plugin configures WordPress to better protect and inform our clients, aligned to 10up’s best practices. It is not meant as a general-distribution plugin and does not have an open development process, but is available for public perusal.
- PHP 5.3+
- WordPress 4.7+
- Clone or download and extract the plugin into
wp-content/plugins
. Make sure you use themaster
branch which contains the latest stable release. - Activate the plugin via the dashboard or WP-CLI.
- Updates use the built-in WordPress update system to pull from GitHub releases.
-
REST API
Adds an option to general settings to restrict REST API access. The options are: show REST API to everyone, only show REST API to logged in users, and show REST API to everyone except
/users
endpoint. -
Authors
Removes 10up user author archives so they are mistakenly indexed by search engines.
-
Gutenberg
Adds an option in writing to switch back to Classic Editor.
-
Plugins
Adds a 10up Suggested Plugins section to the plugins screen. Warns users who attempt to deactivate the 10up Experience plugin. Outputs a notice on non-suggested plugins tabs warning users from installing non-approved plugins. If
DISALLOW_FILE_MODS
is on, update notices will be shown in the plugins table. -
Post Passwords
Password protecting post functionality is removed both in Gutenberg and the classic editor. This can be disabled in the writing section of the admin.
-
Support Monitor
Sends non-PII information about the website back to 10up including plugins installed, constants defined in
wp-config.php
, 10up user accounts, and more. -
Authentication
By default, all users must use a medium or greater strength password. This can be turned off in general settings (or network settings if network activated). Reserved usernames such as
admin
are prevented from being used. -
Headers
X-Frame-Origins
is set tosameorigin
to prevent click jacking.
Active: 10up is actively working on this, and we expect to continue work for the foreseeable future including keeping tested up to the most recent version of WordPress. Bug reports, feature requests, questions, and pull requests are welcome.
A complete listing of all notable changes to the 10up Experience Plugin are documented in CHANGELOG.md.