You can find few useful tiny mu-plugins in my example Nginx configuration for WP.
Must-use plugins (a.k.a. mu-plugins) are plugins installed in a special directory inside the content folder and which are automatically enabled on all sites in the installation. Must-use plugins do not show in the default list of plugins on the Plugins page of wp-admin – although they do appear in a special Must-Use section – and cannot be disabled except by removing the plugin file from the must-use directory, which is found in wp-content/mu-plugins by default.
It enhances your security settings:
- set password hashing to Bcrypt
- return 401 HTTP status code after unsuccessful login attempt – so you are able to filter them with fail2ban on server side
- remove sensitive data from REST API (users and comments endpoins)
Allows you to tune your WP mail settings (phpmailer):
- unify Sender and From address (missconfiguration causes marking your mails as a spam)
- customize from name and address
- allows you to set your own SMTP server
Blocks direct access to wp-login.php – user have to visit custom URL before
When user visits the administration it sets a cookie – it allows you to exclude them from the analytics for example.
You can find these plugin in the extras dir inside my repository.