The BlogSec WordPress Sandbox plugin works on a whitelist principle. We accept all pages and posts (including wp-admin, feeds and xmlrpc) but deny requests for any other resources or WordPress functions.
I came up with the idea for this plugin when developing my homepage WithDK.com (where it is currently being tested). I wanted WordPress to act like a CMS (Content Management System), but I didn’t want all the whistles and bells. This plugin allowed me to achieve this, although it is still being tested.
We may want to extend this project to include a fully featured menu system with checkboxes for enabled/disabled WordPress features, but for now it's a pet project.
I like the concept of this plugin. A whitelist approach means we allow only what we want, which in turn means fewer areas for attackers to target.
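The whitelist principle described above, sketched as an added example; this is not the plugin's own code. The function names, the constant and the sample paths are hypothetical and constructed for illustration. The request path is canonicalised before it is compared against the permitted list, so encoded or dot-dot paths cannot pass as permitted ones.

```php
<?php
// Added illustration only; every name and path here is hypothetical.
// Entries ending in "/" permit a directory and everything under it;
// other entries must match the canonical path exactly.
const SANDBOX_PERMITTED = ['/', '/wp-admin/', '/feed/', '/xmlrpc.php', '/about/', '/2010/'];

// Reduce a raw request URI to a canonical path, or null if it is unsafe.
function sandbox_normalise(string $requestUri): ?string
{
    $path = explode('?', $requestUri, 2)[0];      // drop the query string
    if ($path === '' || $path[0] !== '/') {
        return null;
    }
    $path = rawurldecode($path);
    // Strict by design: reject NUL bytes, backslashes, and any "%" left
    // after one round of decoding (a sign of double encoding).
    if (preg_match('/[\x00\\\\%]/', $path)) {
        return null;
    }
    $segments = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;                             // collapse "//" and "/./"
        }
        if ($segment === '..') {
            return null;                          // never resolve traversal, refuse it
        }
        $segments[] = $segment;
    }
    return '/' . implode('/', $segments);
}

// Default deny: true only when the canonical path is on the permitted list.
function sandbox_is_permitted(string $requestUri, array $permitted): bool
{
    $path = sandbox_normalise($requestUri);
    if ($path === null) {
        return false;
    }
    foreach ($permitted as $entry) {
        $isDir = $entry !== '/' && substr($entry, -1) === '/';
        if ($isDir ? strpos($path . '/', $entry) === 0 : $path === $entry) {
            return true;
        }
    }
    return false;
}

// Constructed sample requests.
foreach (['/', '/about/', '/wp-admin/post.php?post=1', '/feed', '/wp-administrator/',
          '/wp-content/uploads/x.php', '/wp-admin/%2e%2e/wp-config.php'] as $uri) {
    printf("%-34s %s\n", $uri, sandbox_is_permitted($uri, SANDBOX_PERMITTED) ? 'allow' : 'deny');
}
```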
Download bs-wp-sandbox.php.txt - Ver 1.2.1 NOW AVAILABLE.
Once downloaded, open the file with your favourite text editor and change BLOGNAME to suit your needs. Below BLOGNAME, you’ll also find the permitted list; you can delete or add entries as needed.
Enjoy!