WPMasterToolKit (WPMTK) – All in one plugin

Description

WP Master ToolKit is your all-in-one solution for improving your WordPress site. It brings together a suite of tools that streamline your dashboard and improve your workflow, enabling more efficient management of content and settings. With WPMasterToolKit, you can customize your WordPress installation to suit your needs, ensuring you have all the tools you need at your fingertips.

Presentation of the extension by Alexis Fichou (WP-Origami) 🇫🇷:

85 Free features

  • Adminer: A full-featured database management tool.
  • Allow Menu Custom Links to Open in New Tab: You can enable custom link menu items to open in a separate browser tab with just a simple checkbox. Additionally, to reinforce security and improve SEO performance, we've implemented the "rel="noopener noreferrer nofollow"" attribute for these links.
  • Apple Touch Icon: Manage app icon (Apple Touch Icon) individually. Once activated, go to Settings / General for change your Apple Touch icon without impact your favicon.
  • Auto Regenerate Salt Keys: WordPress salt keys or security keys are codes that help protect important information on your website.
  • Auto-Publish Posts with Missed Schedule: Automatically initiate the publication of scheduled posts marked with "missed schedule" upon each visit to the website, across all post types.
  • Ban Emails: Ban the chosen emails.
  • Blacklisted Usernames: Prevent the creation of new user accounts with predifined blacklisted usernames. Blacklist usernames that are too common.
  • Block User Registration from Disposable Email: Block user registration from disposable email addresses. Disposable email addresses are temporary email addresses that are used to register on websites that require email verification.
  • Child theme generator: A simple tool to generate a child theme on your WordPress. You can disable it after generation.
  • Clean Profiles: Tidy up user profiles by removing sections you do not utilise.
  • Clean Up Admin Bar: Remove various elements from the admin bar.
  • Code Snippets: Add custom code snippets to your website without the need to edit the theme's functions.php file. This feature is especially useful for adding custom CSS, JavaScript, and PHP code to your website. For disable all snippets, add this line to your wp-config.php: define('WPMASTERTOOLKIT_SNIPPETS_SAFE_MODE', true);
  • Content Duplication: Enable one-click duplication of pages, posts and custom posts. The corresponding taxonomy terms and post meta will also be duplicated.
  • Content Order: Enable custom ordering of various "hierarchical" content types or those supporting "page attributes". A new 'Order' sub-menu will appear for enabled content type(s).
  • Custom Admin CSS: Add custom CSS on all admin pages for all user roles.
  • Custom Body Class: Add custom <body> class(es) on the singular view of some or all public post types.
  • Custom Frontend CSS: Add custom CSS on all frontend pages for all user roles.
  • Disable All Updates: Completely disable core, theme and plugin updates and auto-updates. Will also disable update checks, notices and emails.
  • Disable Block-Based Widgets Settings Screen: Disable block-based widgets settings screen. Restores the classic widgets settings screen when using a classic (non-block) theme. This has no effect on block themes.
  • Disable Dashboard Widgets: Clean up and speed up the dashboard by completely disabling some or all widgets. Disabled widgets won't load any assets nor show up under Screen Options.
  • Disable Feeds: Completely deactivate RSS, Atom, and RDF feeds across your website. This entails disabling feeds for various content elements, such as posts, categories, tags, comments, authors, and search. Additionally, it erases any remaining references to feed URLs from the <head> section of your web pages.
  • Disable Gutenberg: Deactivate the Gutenberg block editor selectively, allowing you to control its usage for specific or all relevant post types.
  • Disable REST API: Disable REST API access for non-authenticated users and remove URL traces from <head>, HTTP headers and WP RSD endpoint.
  • Disable Really Simple Discovery (RSD) <link> tag: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
  • Disable WP Sitemap: Disable the default WordPress sitemap feature, which was introduced in WordPress 5.5.
  • Disable Windows Live Writer (WLW) manifest <link> tag: Disable the Windows Live Writer (WLW) manifest <link> tag in <head>. The WLW app was discontinued in 2017.
  • Disable WordPress shortlink <link> tag: Disable the default WordPress shortlink <link> tag in <head>. Ignored by search engines and has minimal practical use case. Usually, a dedicated shortlink plugin or service is preferred that allows for nice names in the short links and tracking of clicks when sharing the link on social media.
  • Disable XML-RPC: Enhance your website's security by fortifying it against brute force, (DoS) and (DDoS) attacks through advanced XML-RPC protection. In addition, our solution proactively disables trackbacks and pingbacks, bolstering your site's defense mechanisms.
  • Disable cart fragments scripts: Disable cart fragments scripts on the front-end for public site visitors. This might break the functionality of the cart and checkout pages if they depend on cart fragments.
  • Disable dashicons CSS and JS files: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
  • Disable emoji support: Disable emoji support for pages, posts and custom post types on the admin and frontend. The support is primarily useful for older browsers that do not have native support for it. Most modern browsers across different OSes and devices now have native support for it.
  • Disable jQuery Migrate: Removes the jQuery Migrate script from the frontend of your site.
  • Disable wp_mail: Disable the wp_mail function, which is used by WordPress to send emails. This feature is useful for websites that do not send emails, as it prevents the wp_mail function from loading and consuming resources.
  • Disallow Bad Requests: Protect your site against a wide range of threats. check all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
  • Disallow Dir Listing: Disable the listing of the directories.
  • Disallow Malicious File Access in upload: Protect your website from malicious file access in the upload directory.
  • Disallow Plugin Upload: Disable zip file uploads for plugins, which are used to install plugins on your website.
  • Disallow Theme Upload: Disable zip file uploads for themes, which are used to install themes on your website.
  • Disallow WP File Edit: Prevent the modification of your website's core files through the WordPress admin panel.
  • Disallow register user: Prevent the creation of new user accounts on your website with the native WordPress registration form.
  • Duplicate Menu: Easily duplicate your WordPress Menus
  • Enhance List Tables: Improve the usefulness of listing pages for various post types and taxonomies, media, comments and users by adding / removing columns and elements.
  • Export Posts & Pages: Download your posts and pages to a .csv format.
  • Export Users: Download your user data to a .csv format.
  • External Permalinks: Enable pages, posts and/or custom post types to have permalinks that point to external URLs. The rel="noopener noreferrer nofollow" attribute will also be added for enhanced security and SEO benefits.
  • File Manager: Browser and manage your files efficiently and easily.
  • Force Strong Password: Enforce the use of strong passwords for all users on your website. This feature is especially useful for websites with multiple users, as it ensures that all users have a strong password that is difficult to guess or crack.
  • Heartbeat Control: Modify the interval of the WordPress heartbeat API or disable it on admin pages, post creation/edit screens and/or the frontend. This will help reduce CPU load on the server.
  • Hide Admin Bar: Hide the admin bar on the front end of your website for either specific user roles or all users.
  • Hide Admin Notices: Enhance the user experience on admin pages by reorganizing notices into a dedicated page.
  • Hide Login Errors: Hide the default WordPress login errors that appear when an incorrect username or password is entered.
  • Hide PHP Versions: Some servers send a header called X-Powered-By that contains the PHP version used on your site. It may be a useful information for attackers, and should be removed.
  • Hide WordPress Version: Hide the WordPress version from the source code.
  • Image Upload Control: Resize newly uploaded, large images to a smaller dimension and delete originally uploaded files. BMPs and non-transparent PNGs will be converted to JPGs and resized.
  • Insert <head>, <body> and <footer> Code: Easily insert <meta>, <link>, <script> and <style> tags, Google Analytics, Tag Manager, AdSense, Ads Conversion and Optimize code, Facebook, TikTok and Twitter pixels, etc.
  • Last Login Column: Track and record the most recent login activity of site users, then showcase the date and time in the users list table
  • Limit Login Attempts: Prevent brute force attacks by limiting the number of failed login attempts allowed per IP address.
  • Local avatars: Replaces GRAVATAR management with media management.
  • Lock Admin Email: Prevent the modification of the admin email address on your website.
  • Lock Site URL: Prevent the modification of the site URL on your website.
  • Log In/Out Menu: Enable log in, log out and dynamic log in/out menu item for addition to any menu.
  • Maintenance Mode: Show a customizable maintenance page on the frontend while performing a brief maintenance to your site. Logged-in administrators can still view the site as usual.
  • Manage ads.txt and app-ads.txt: Easily edit and validate your ads.txt and app-ads.txt content.
  • Manage robots.txt: Easily edit and validate your robots.txt content.
  • Media Cleaner: Automatically sanitize uploaded file names by removing special characters, and streamline media management by auto-generating key metadata fields (title, caption, alt text, and description) directly from the cleaned file name.
  • Media Encoder: Automatically converts images to WebP when they are uploaded to the media library.
  • Meta Debugger: Display all metadata for a post, user, term, or comment.
  • Move Login URL: Change the default login URL to a custom URL of your choice.
  • Multiple User Roles: Enable assignment of multiple roles during user account creation and editing. This maybe useful for working with roles not defined in WordPress core, e.g. from e-commerce or LMS plugins.
  • Nav Menu Visibility: Control your nav menu by allowing you to apply visibility controls to menu.
  • Obfuscate Author Slugs: Obfuscate publicly exposed author page URLs that shows the user slugs / usernames, e.g. sitename.com/author/username1/ into sitename.com/author/a6r5b8ytu9gp34bv/, and output 404 errors for the original URLs. Also obfuscates in /wp-json/wp/v2/users/ REST API endpoint.
  • Obfuscate Email Addresses: Obfuscate email address to prevent spam bots from harvesting them, but make it readable like a regular email address for human visitors, using shortcode [wpm_obfuscate email="example@email.com" display="newline"]
  • Open All External Links in New Tab: Ensure that all external links within post content open in a new browser tab by implementing the "target="_blank"" attribute. Additionally, enhance security and SEO advantages by including the "rel="noopener noreferrer nofollow"" attribute.
  • Password Protection: Password-protect the entire site to hide the content from public view and search engine bots / crawlers. Logged-in administrators can still access the site as usual.
  • Plugin & Theme Rollback: Revert to previous versions of any theme or plugin from WordPress.org.
  • Post Per Page: Specifying the number of posts to display per page, for each post type.
  • Protect Website Headers: Add security headers quickly to your site to protect it from threats such as phishing attacks, data theft and more.
  • Quick Add Post: A new button to quickly add new posts to speed up your workflow.
  • Redirect 404 to Homepage: Sends visitors to your homepage if they try to access a page that doesn't exist, ensuring they stay on your site.
  • Redirect After Login: Set custom redirect URL for all or some user roles after login.
  • Redirect After Logout: Set custom redirect URL for all or some user roles after logout.
  • Revisions Control: Avoid overloading the database by setting a cap on the number of revisions to save for certain or all types of posts that support revisions.
  • SMTP Mailer: Set custom sender name and email. Optionally use external SMTP service to ensure notification and transactional emails from your site are being delivered to inboxes.
  • SVG Upload: Enhance media library functionality to support the seamless uploading of SVG files.
  • Wider Admin Menu: Give the admin menu more room to better accommodate wider items.

Other plugin by Webdeclic

Webdeclic is a French web agency based in Paris. We are specialized in the creation of websites and e-commerce sites. We are also the creator of the following plugins:
* Mentions Legales Par Webdeclic
* Cookie Dough Compliance and Consent for GDPR
* QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly
* Univeral Honey Pot
* Clean My WP
* Show all plugins on WordPress.org

Support us

⭐️ If you like this plugin, please give us a 5 star rating on WordPress.org. This will motivate us to develop new features and write other plugins. ⭐️

☕️ If you want buy me a coffee, you can do it here : Buy me a coffee ☕️

Screenshots

  • Admin page
  • Import / Export settings
  • Move login submenu
  • Code snippets

Installation

  1. Upload the plugin files to the /wp-content/plugins/wp-mastertoolkit directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress
  3. Use the WPMasterToolKit screen to configure the plugin

FAQ

What is WPMasterToolKit?

WPMasterToolKit is a comprehensive plugin that provides a wide range of features designed to improve your WordPress. It includes tools to improve media management, user interface, site security and much more.

Will WPMasterToolKit slow down my website?

No, WPMasterToolKit is designed to be lightweight and efficient. This should not negatively impact your website performance.

Can WPMasterToolKit help with SEO?

Although WPMasterToolKit is not primarily an SEO plugin, it does include features that can help your site’s SEO, such as the ability to open external links in a new tab with the appropriate “rel” attributes.

How often is WPMasterToolKit updated?

We regularly update WPMasterToolKit to introduce new features, fix bugs and ensure compatibility with the latest versions of WordPress.

How can I contribute to WPMasterToolKit?

Contributions are welcome! You can contribute by reporting bugs, suggesting features, translating the plugin, or submitting code fixes.

Is WPMasterToolKit similar to ASE ?

Yes, WPMasterToolKit is similar to Admin and Site Enhancements (ASE), WP Extended and other all in one plugin.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.

Reviews

Disyembre 6, 2024 2 replies
1 plugin, pas 5 ni 10 ni 18…. 1 seul plugin qui réunit tellement de petites améliorations. J’ai directement été conquis par le nombre de fonctionnalités et la simplicité ! Conclusion : mis à jour tous mes sites “client” en nettoyant la base des plugins inutiles.En plus, le dev est à l’écoute de la communauté sur les prochaines features à implémenter ou améliorer. L’essayer c’est l’adopter !
Nobyembre 27, 2024
A nice all-in-one, light yet powerful plugin that adds many great features to the base Core WordPress, without having to add many little ones otherwise. It comes with some niche features rarely seen in other similar plugins, and regularly get new updates. Very great!
Nobyembre 12, 2024 1 reply
Une extension qui permet de réduire le nombre de plugins et qui bénéficie d’un excellent support et d’évolutions régulières. La possibilité d’activer uniquement les fonctionnalités souhaitées est une belle idée, très pratique. Je recommande.
Oktubre 25, 2024 1 reply
Je n’ai jamais vu un plugin gratuit aussi complet. À tel point qu’à lui seul il remplace plus de 80 plugins, tous réunis en une seule extension super légère. De quoi sacrément alléger vos sites et supprimer bon nombre de plugins parfois lourds et qui deviennent totalement inutiles d’une seul coup. Merci Ludwig, je ne peux que recommander à tous ce merveilleux outils 🛠️
Oktubre 13, 2024 1 reply
J’étais timide d’utiliser cette extension, car habitué à un concurrent, mais finalement, c’est bien mieux ! Plus d’options, plus pratique, je valide ✅
Setyembre 29, 2024 1 reply
Je n’installe plus que lui. Oublié ASE (Admin and Site Enhancements). LE couteau suisse qui remplace tellement d’autres extensions. C’est merveilleux, c’est FR et c’est…. gratuit!
Read all 17 reviews

Contributors & Developers

“WPMasterToolKit (WPMTK) – All in one plugin” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.14.0

  • Add Module: Media Cleaner: Automatically sanitize uploaded file names by removing special characters, and streamline media management by auto-generating key metadata fields (title, caption, alt text, and description) directly from the cleaned file name.
  • Security update (reported by Patchstack, thanks @darius_fx): Arbitrary File Upload vulnerability and Arbitrary File Download vulnerability in Child Theme Generator module.

1.13.1

  • FIX: WP 6.7 compatibility with translations, move translatable strings in hook after init.

1.13.0

  • FIX: WP 6.7 compatibility with translations
  • Add Module: Media Encoder: Automatically converts images to WebP when they are uploaded to the media library.

1.12.5

  • FIX: Auto Regenerate Salt Keys: Problem on some installations

1.12.4

  • FIX: Problem with ‘Header set Content-Security-Policy “upgrade-insecure-requests;”‘

1.12.3

  • FIX: Problem with stats modal consent if you click on the bottom button for save.

1.12.2

  • FIX: Problem with constant replacement in wp-config.php, better method.

1.12.1

  • FIX: Problem with constant replacement in wp-config.php.

1.12.0

  • Update Module: Limit Login Attempts: Add option to delete blocked IP.
  • Update Module: Maintenance Mode: Add admin bar switcher and switch in the settings page.
  • Update Module: Protect Website Headers: Add more information about the headers.
  • UX improvement: Add a new filter in settings page for show only active modules
  • Add config sharing feature
  • Add modal for consent to collect data
  • Fix: Local avatars: php warning

1.11.0

  • Add Module: Adminer
  • Add Module: Apple Touch Icon
  • Add Module: Local avatars

1.10.2

  • Fixed: Problem with modules using textarea fields. Now, the textarea fields are correctly escaped with wp_unslash.

1.10.1

  • Fixed: module child theme generator: Better method for zip creation

1.10.0

  • Add Module: Disable jQuery Migrate
  • Add Module: Multiple User Roles
  • Add Module: Plugin & Theme Rollback
  • Fixed: Bug on child theme generator on some servers.
  • Update Module: File Manager: Edit files from default view and better UX.

1.9.0

  • Add Module: Child theme generator
  • Add Module: File Manager
  • Add Module: Protect Website Headers
  • Fixed: Prevent the form submit when the user press Enter in the search input (on settings).
  • Update: Better results on search input (on settings) if you don’t use special characters.

1.8.1

  • Fixed: Problem if Parsedown library doesn’t exist on the server.

1.8.0

  • Update Module: SMTP mailer: Replace password input type.
  • Change logo on admin page.
  • Add version on header of admin page.
  • What’s new modal in settings page.

1.7.0

  • Add Module: Ban emails
  • Add Module: SMTP mailer
  • Update Module: Auto Regenerate Salt Keys: Better approach to regenerate salt keys.

1.6.0

  • Add Module: Block User Registration from Disposable Email

1.5.1

  • Fix: Meta Debugger module: Add support on edit_user_profile

1.5.0

  • Add Module: Custom Frontend CSS
  • Add Module: Disable All Updates
  • Add Module: Disable REST API
  • Add Module: Heartbeat Control
  • Add Module: Image Upload Control
  • Add Module: Insert , and

<

footer> Code
* Add Module: Limit Login Attempts
* Add Module: Manage ads.txt and app-ads.txt
* Add Module: Manage robots.txt
* Add Module: Obfuscate Author Slugs
* Add Module: Obfuscate Email Addresses
* Fix: Increase the prioarity for the filter in hide admin bar module
* Fix: Problem with “Disallow bad requests” module

1.4.0

  • Add Module: Clean Up Admin Bar
  • Add Module: Content Duplication
  • Add Module: Content Order
  • Add Module: Custom Admin CSS
  • Add Module: Enhance List Tables
  • Add Module: External Permalinks
  • Add Module: Log In/Out Menu
  • Add Module: Meta Debugger
  • Add Module: Post Per Page
  • Fix: Problem with import / export settings feature

1.3.0

  • Add Module: Auto Regenerate Salt Keys: WordPress salt keys or security keys are codes that help protect important information on your website.
  • Add Module: Auto-Publish Posts with Missed Schedule: Automatically initiate the publication of scheduled posts marked with “missed schedule” upon each visit to the website, across all post types.
  • Add Module: Clean Profiles: Tidy up user profiles by removing sections you do not utilise.
  • Add Module: Custom Body Class: Add custom class(es) on the singular view of some or all public post types.
  • Add Module: Disable Block-Based Widgets Settings Screen: Disable block-based widgets settings screen. Restores the classic widgets settings screen when using a classic (non-block) theme. This has no effect on block themes.
  • Add Module: Disable Dashboard Widgets: Clean up and speed up the dashboard by completely disabling some or all widgets. Disabled widgets won’t load any assets nor show up under Screen Options.
  • Add Module: Disable Really Simple Discovery (RSD) tag: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
  • Add Module: Disable Windows Live Writer (WLW) manifest tag: Disable the Windows Live Writer (WLW) manifest tag in . The WLW app was discontinued in 2017.
  • Add Module: Disable WordPress shortlink tag: Disable the default WordPress shortlink tag in . Ignored by search engines and has minimal practical use case. Usually, a dedicated shortlink plugin or service is preferred that allows for nice names in the short links and tracking of clicks when sharing the link on social media.
  • Add Module: Disable cart fragments scripts: Disable cart fragments scripts on the front-end for public site visitors. This might break the functionality of the cart and checkout pages if they depend on cart fragments.
  • Add Module: Disable dashicons CSS and JS files: Disable loading of Dashicons CSS and JS files on the front-end for public site visitors. This might break the layout or design of custom forms, including custom login forms, if they depend on Dashicons. Make sure to check those forms after disabling.
  • Add Module: Disable emoji support: Disable emoji support for pages, posts and custom post types on the admin and frontend. The support is primarily useful for older browsers that do not have native support for it. Most modern browsers across different OSes and devices now have native support for it.
  • Add Module: Disallow Bad Requests: Protect your site against a wide range of threats. check all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
  • Add Module: Disallow Dir Listing: Disable the listing of the directories.
  • Add Module: Disallow Malicious File Access in upload: Protect your website from malicious file access in the upload directory.
  • Add Module: Duplicate Menu: Easily duplicate your WordPress Menus
  • Add Module: Export Posts & Pages: Download your posts and pages to a .csv format.
  • Add Module: Export Users: Download your user data to a .csv format.
  • Add Module: Hide PHP Versions: Some servers send a header called X-Powered-By that contains the PHP version used on your site. It may be a useful information for attackers, and should be removed.
  • Add Module: Maintenance Mode: Show a customizable maintenance page on the frontend while performing a brief maintenance to your site. Logged-in administrators can still view the site as usual.
  • Add Module: Nav Menu Visibility: Control your nav menu by allowing you to apply visibility controls to menu.
  • Add Module: Password Protection: Password-protect the entire site to hide the content from public view and search engine bots / crawlers. Logged-in administrators can still access the site as usual.
  • Add Module: Quick Add Post: A new button to quickly add new posts to speed up your workflow.
  • Add Module: Redirect 404 to Homepage: Sends visitors to your homepage if they try to access a page that doesn’t exist, ensuring they stay on your site.
  • Add Module: Redirect After Login: Set custom redirect URL for all or some user roles after login.
  • Add Module: Redirect After Logout: Set custom redirect URL for all or some user roles after logout.
  • Add Module: Revisions Control: Avoid overloading the database by setting a cap on the number of revisions to save for certain or all types of posts that support revisions.
  • Add Module: Wider Admin Menu: Give the admin menu more room to better accommodate wider items.
  • Upgrade Module : Blacklisted Usernames : Add tool for fix blacklisted usernames.

1.2.1

  • Fix : SVG Upload doesn’t work properly
  • Security update : Sanitize uploaded SVG files

1.2.0

  • Add module : Code Snippets

1.1.0

  • Add module : Hide WordPress Version
  • Fix : Activate / deactivate module action

1.0.0

  • Initial release