Useful WordPress mu-plugins

You can find few useful tiny mu-plugins in my example Nginx configuration for WP.

Must-use plugins (a.k.a. mu-plugins) are plugins installed in a special directory inside the content folder and which are automatically enabled on all sites in the installation. Must-use plugins do not show in the default list of plugins on the Plugins page of wp-admin – although they do appear in a special Must-Use section – and cannot be disabled except by removing the plugin file from the must-use directory, which is found in wp-content/mu-plugins by default.



It enhances your security settings:

  • set password hashing to Bcrypt
  • return 401 HTTP status code after unsuccessful login attempt – so you are able to filter them with fail2ban on server side
  • remove sensitive data from REST API (users and comments endpoins)

Mail Fixer

Allows you to tune your WP mail settings (phpmailer):

  • unify Sender and From address (missconfiguration causes marking your mails as a spam)
  • customize from name and address
  • allows you to set your own SMTP server

Custom Login

Blocks direct access to wp-login.php – user have to visit custom URL before

Team Cookie

When user visits the administration it sets a cookie – it allows you to exclude them from the analytics for example.


You can find these plugin in the extras dir inside my repository.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s