ClassicPress reaches a new milestone with the release of v1.1.0 which brings a new Security Page, along with twelve minor changes and fixes.
Hot on the heels of the v1.0.2 point release, this new release has introduced a new feature called the Security Page, which appears in the admin panel.
With CP being a business focused CMS, security of your installation is one of their primary concerns. The aim of the new page is to put all your security plugins in the one area. This enables you to quickly access the settings for each plugin, without having to hunt for them in the left menu tabs.
This will not happen automatically, however. The plugin developer has to add the necessary code to their plugin before it will be detected and displayed under the new menu tab. So it is not about changing anything with your current installation, but laying the ground work for developers who want to support CP.
There have also been twelve patches applied for minor tweaks. You can read the release notes here.
To show how the feature works, Simone from the CP forum took a small security plugin that has not been updated in the WP repository for 2 years and created a new fork for CP. Simone updated the plugin, added the code, and released it on GitHub.
The original plugin is Brute Force Login Protection, which you can find at WP. The CP version has been renamed CP Brute Force Login Protection. In this post, I will show you how the new Security Page works. If you would like to install the plugin for yourself, you can download the zip file from my site here. Please backup your site first though.
This plugin is small but powerful. It enables you to permanently block IP addresses when someone tries to guess your login details, and fails more than the number of times you set. It can also send you an email to let you know. Even people trying to hack into your admin area by bypassing the login form, will be detected and blocked. You can whitelist your own IP address, so you don’t get locked out.
I have used the plugin for years on all my sites and it is an excellent backstop for when they slip past my other security plugins. It adds the blocked IP addresses to the .htaccess file and displays a message you can configure once they’ve been blocked.
In the image below, I have shown how my admin panel looks on a site with the original plugin and a site with the new one:
With the original plugin, which does not contain the code for the Security Page, the link to the plugin configuration page is under Settings at #1. It could have been anywhere, under Tools, Appearance or its own tab. You have to go looking for it. You then click on the plugin name at #2.
With the new plugin, which does contain the code, you can see it has disappeared from Settings at #3. It now appears under Security at #4. The link to the settings configuration page is now clear and in a sub-menu at #5.
That is the purpose of this new feature, to enable all your security related plugins to be listed under the one tab, so you can configure them quickly.
In the next image, you can see what you get if you click on the top-level Security tab:
You see the settings sub-menu link at #1 and a link on the actual page at #2. There is also a tab for Developers, to explain what they need to add to their plugins for them to be picked up by CP and displayed there.
If you look at the plugin in your list of plugins, you see that one now has a security shield icon added next to it:
The release of this update to CP v1 shows how new features can be added to the CMS without breaking compatibility with previous versions and causing site errors. It is the first change that users will probably notice in the admin panel, but there are many patches that have been applied since the project began, that users don’t actually notice.
With v2, there will be a lot more visible changes, but stability is paramount, so there is much research and testing to be done before that is released.