Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/estebanforge/fuerte-wp

A WordPress plugin to enforce certain security focused limits for users with wp-admin access.
https://github.com/estebanforge/fuerte-wp

wordpress

Last synced: about 1 month ago
JSON representation

A WordPress plugin to enforce certain security focused limits for users with wp-admin access.

Awesome Lists containing this project

README 

          
# Fuerte-WP





	Fuerte-WP Logo




Take control of your WordPress security & maintenance. Automate plugin updates, manage administrator access, and prevent broken functionality from outdated plugins without proper oversight.



Fuerte-WP is the ultimate WordPress security & maintenance solution that combines automated updates with administrator oversight to prevent plugin conflicts before they break your site.



Available at the official [WordPress.org plugins repository](https://wordpress.org/plugins/fuerte-wp/).



## Why?



Is your WordPress site suffering from plugin neglect? Every day, thousands of sites break due to outdated plugins, untested updates, and lack of proper maintenance oversight.



**⚠️ THE REALITY:**

- 90% of WordPress site failures are caused by outdated plugins, themes or incompatible updates

- Most WordPress downtime happens from untested plugin updates by administrators with too much freedom

- Your WordPress installation is only as reliable as your maintenance routine



**🔥 WHY FUERTE-WP IS DIFFERENT:**



Most maintenance plugins just alert you AFTER something breaks. Fuerte-WP PREVENTS issues before they happen, combining automated updates with access control that works together seamlessly.



**🚨 CRITICAL SECURITY PROTECTION:** Supply chain attacks happen when even trustworthy developers have their accounts compromised. Attackers push malicious updates that thousands of sites auto-install within hours. Fuerte-WP's **Blocked Updates** lets you freeze plugins at safe versions when you learn of compromises, protecting your site when even developers can't protect their own update systems.



Fuerte-WP auto-protects itself and cannot be disabled, unless your account is declared as super user, or you have access to the server (FTP, SFTP, SSH, cPanel/Plesk, etc.).



## Auto-Update Management System



🚨 **Intelligent Update Scheduling & Control**



Fuerte-WP's Auto-Update Management System provides comprehensive control over WordPress maintenance:



### 📅 Update Scheduling

- **Intelligent Update Scheduling**: Configurable update frequency (default: every 12 hours)

- **Selective Updates**: Choose which plugins, themes, and core components to auto-update

- **Compatibility Monitoring**: Track which updates are safe and tested

- **Real-Time Update Dashboard**: Live dashboard showing current update status and scheduled maintenance



### 🛡️ Update Control Modes

- **Deferred Updates**: Exclude specific plugins/themes from auto-updates while allowing manual updates

- **Blocked Updates**: Completely prevent updates for specific plugins/themes (both automatic and manual)

  - Blocked items are removed from update transients entirely

  - No update notices appear in the WordPress admin

  - **Supply Chain Attack Protection**: Lock plugins at safe versions when developer accounts are compromised

  - Use when even trustworthy developers can't protect their own update systems

  - Perfect for responding to security incidents and compromised plugins



### 👑 Administrator Oversight

- **Super User Access**: Designate who has full maintenance control (YOU) while restricting others

- **Role-Based Permissions**: Granular control over what different admin roles can modify

- **Plugin & Theme Management**: Prevent other admins from installing unstable plugins or untested updates

- **Menu Management**: Hide sensitive WordPress settings from inexperienced administrators



### 📊 Maintenance Command Center

- **Live Update Monitoring**: Real-time AJAX dashboard shows plugin/theme updates as they happen

- **Detailed Maintenance Logs**: Comprehensive logging with timestamps, versions, and compatibility notes

- **Export Maintenance Data**: Download update reports for analysis or compliance

- **Smart Notifications**: Get alerted about available updates and maintenance tasks



### 🇪🇺 Email Management

- **Recovery Email Routing**: Route WordPress admin emails to the right maintenance team

- **Custom Sender Configuration**: Professional email sender setup that matches your domain

- **Email Audit Trail**: Logging that helps with maintenance communication tracking



### 🔐 Optional: Admin Access Management

*For organizations with multiple administrators*



- **Custom Login Endpoints**: Create dedicated maintenance access points

- **Smart Redirection**: Guide users to appropriate admin areas based on permissions

- **WP-Admin Access Control**: Restrict direct `/wp-admin/` access for specific user roles



**Note**: These features are optional and should be used based on your specific organizational needs.



## Key Features



### ⚙️ Advanced WordPress Optimization

- **Automated Update Management**: Background updates for core, plugins, themes, and translations

- **Deferred Updates**: Exclude specific plugins/themes from auto-updates while maintaining manual control

- **Blocked Updates**: Completely prevent updates for critical plugins/themes (automatic and manual)

- **API Optimization**: Disable unused XML-RPC endpoints and optimize REST API access

- **Email Configuration**: Customize WordPress recovery and sender email addresses

- **Performance Hardening**: Disable unused features, optimize database performance

- **Background Processing**: Maintenance tasks that don't slow down your site



### 👑 Administrator Oversight System

- **Super User Control**: Designate who has full maintenance access while restricting others

- **Role-Based Permissions**: Granular control over what different admin roles can modify

- **Plugin & Theme Management**: Prevent other admins from installing unstable plugins or untested updates

- **Menu Management**: Hide sensitive WordPress settings from inexperienced administrators

- **User Account Protection**: Protect maintenance accounts from being modified by other admins



### 📊 Maintenance Command Center

- **Live Update Monitoring**: Real-time AJAX dashboard shows plugin/theme updates as they happen

- **Detailed Maintenance Logs**: Comprehensive logging with timestamps, versions, and compatibility notes

- **Export Maintenance Data**: Download update reports for analysis or compliance

- **Smart Notifications**: Get alerted about available updates and maintenance tasks

- **One-Click Management**: Instantly schedule updates, clear logs, or manage maintenance tasks



### 🔧 Developer Features

- **File-Based Configuration**: Support for `wp-config-fuerte.php` for mass deployment

- **Configuration Caching**: Optimized performance with intelligent caching

- **Hook System**: Extensible architecture with comprehensive WordPress hook integration

- **Multisite Support**: Compatible with WordPress multisite installations



**🔒 WHY CHOOSE FUERTE-WP?**



✅ **PROACTIVE MAINTENANCE** - Prevents plugin conflicts BEFORE they break your site

✅ **INTELLIGENT UPDATE MANAGEMENT** - Real-time update scheduling and compatibility checking

✅ **ADMIN OVERSIGHT CONTROL** - Controls what other administrators can modify

✅ **EMAIL MANAGEMENT** - Built-in email routing and configuration features

✅ **PERFORMANCE OPTIMIZED** - Won't slow down your website

✅ **MULTISITE COMPATIBLE** - Works on single sites and WordPress networks

✅ **SELF-PROTECTING** - Cannot be disabled by non-super users

✅ **DEVELOPER FRIENDLY** - File-based configuration for mass deployment

✅ **SMART MAINTENANCE APPROACH** - Focuses on prevention over reactive fixes



**🎯 PERFECT FOR:**

- Multi-author blogs and news sites with frequent content updates

- Client websites built by agencies that need reliable maintenance

- E-commerce stores with critical uptime requirements

- Educational institutions with multiple WordPress installations

- Enterprise WordPress deployments requiring strict maintenance policies

- **Sites concerned about supply chain attacks** - protect yourself when developer accounts are compromised

- Anyone serious about WordPress maintenance and reliability



## How to Install



**⚡ INSTALL IN SECONDS, MAINTAIN FOR YEARS**



1. Click "Install Now" or search for "Fuerte-WP" in your WordPress dashboard

2. Activate the plugin

3. Visit Settings > Fuerte-WP to configure the settings as you like. Defaults are good if you want to leave them like that

4. Congratulations! Your WordPress site is now professionally maintained.



### Harder configuration (optional)



Fuerte-WP allows you to configure it "harder". This way, Fuerte-WP options inside wp-admin panel aren't even shown at all. Useful to mass deploy Fuerte-WP configuration to multiple WordPress installations.



To use the harder configuration, follow this steps:



- Download a copy of [```config-sample/wp-config-fuerte.php```](https://github.com/EstebanForge/Fuerte-WP/blob/master/config-sample/wp-config-fuerte.php) file, and set it up with your desired settings. Edit and tweak the configuration array as needed.



- Upload your tweaked ```wp-config-fuerte.php``` file to your WordPress's root directory. This usually is where your wp-config.php file resides.



- When Fuerte-WP detects that file, it will load the configuration from it. This will bypass the DB values from the options page, completely.



#### Config file updates



To check if your ```wp-config-fuerte.php``` file need an update, follow this steps:



Check the default [```config-sample/wp-config-fuerte.php```](https://github.com/EstebanForge/Fuerte-WP/blob/master/config-sample/wp-config-fuerte.php) file. The header of the sample config will have the version when it was last modified.



Then check out your own ```wp-config-fuerte.php``` file. If yours has a lower version number, then you need to update your settings array.



Compare your config with the [default wp-config-fuerte.php file](https://github.com/EstebanForge/Fuerte-WP/blob/master/config-sample/wp-config-fuerte.php) and add the new/missing settings to your file. You can use [Meld](https://meldmerge.org), [WinMerge](https://winmerge.org), [Beyond Compare](https://www.scootersoftware.com), [Kaleidoscope](https://kaleidoscope.app), [Araxis Merge](https://www.araxis.com/merge/), [Diffchecker](https://www.diffchecker.com) or any similar software diff to help you here.



Upload your updated ```wp-config-fuerte.php``` to your WordPress's root directory and replace the old one.



Don't worry. New Fuerte-WP features that need new configuration values will not run or affect you until you upgrade your config file and add the new/missing settings.



## Documentation



For detailed documentation, please see:



- **[FAQ](docs/FAQ.md)** - Frequently Asked Questions

- **[Changelog](CHANGELOG.md)** - Version history and changes

- **[Deployment Guide](docs/DEPLOYMENT.md)** - Deployment instructions and best practices

- **[Composer Commands](docs/COMPOSER_COMMANDS.md)** - Available composer scripts for development

- **[Security Policy](SECURITY.md)** - Security reporting and policies

- **[CLAUDE.md](CLAUDE.md)** - Project architecture and development guidelines (for contributors)

- **[TODO](docs/TODO.md)** - Planned features and development roadmap



## FAQ



Check the [full FAQ here](docs/FAQ.md).



## Suggestions, Support



Please, open [a discussion](https://github.com/EstebanForge/Fuerte-WP/discussions).



## Bugs and Error reporting



Please, open [an issue](https://github.com/EstebanForge/Fuerte-WP/issues).



## Changelog



See [CHANGELOG.md](CHANGELOG.md) for version history and changes.