Fix bulk plugin update reliability. Prevents transient cache issues during batch updates.<\/p>","1.5.5":"
WordPress.org approved release. Final compliance fixes.<\/p>","1.5.4":"
WordPress.org review fixes: proper path functions, sanitization, remote management documentation.<\/p>","1.5.3":"
Code quality improvements for WordPress.org compliance. No breaking changes.<\/p>","1.0.0":"
Initial release of Lock My Site.<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":4},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3475648,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3475648,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3475648,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3475648,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.5.5","1.5.9"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3475648,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3475648,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3475648,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3475657,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3475657,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3475657,"resolution":"6","location":"assets","locale":""},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3475657,"resolution":"7","location":"assets","locale":""}},"screenshots":{"1":"Plugin settings page with API key and security configuration","2":"Activity log showing recent API calls","3":"IP whitelist and HMAC signature configuration","4":"Security audit report - cover page with risk score and findings summary","5":"Monthly maintenance report - cover page with KPIs (updates, uptime, security, performance)","6":"Security audit detail - executive summary with categorized findings","7":"Maintenance report detail - site configuration and technical parameters"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1556,732,2156,14512,2550],"plugin_category":[52],"plugin_contributors":[257170],"plugin_business_model":[],"class_list":["post-280545","plugin","type-plugin","status-publish","hentry","plugin_tags-api","plugin_tags-maintenance","plugin_tags-management","plugin_tags-remote","plugin_tags-updates","plugin_category-performance","plugin_contributors-juaevpa","plugin_committers-juaevpa"],"banners":{"banner":"https:\/\/ps.w.org\/lock-my-site\/assets\/banner-772x250.png?rev=3475648","banner_2x":"https:\/\/ps.w.org\/lock-my-site\/assets\/banner-1544x500.png?rev=3475648","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/lock-my-site\/assets\/icon-128x128.png?rev=3475648","icon_2x":"https:\/\/ps.w.org\/lock-my-site\/assets\/icon-256x256.png?rev=3475648","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/lock-my-site\/assets\/screenshot-1.png?rev=3475648","caption":"Plugin settings page with API key and security configuration"},{"src":"https:\/\/ps.w.org\/lock-my-site\/assets\/screenshot-2.png?rev=3475648","caption":"Activity log showing recent API calls"},{"src":"https:\/\/ps.w.org\/lock-my-site\/assets\/screenshot-3.png?rev=3475648","caption":"IP whitelist and HMAC signature configuration"},{"src":"https:\/\/ps.w.org\/lock-my-site\/assets\/screenshot-4.png?rev=3475657","caption":"Security audit report - cover page with risk score and findings summary"},{"src":"https:\/\/ps.w.org\/lock-my-site\/assets\/screenshot-5.png?rev=3475657","caption":"Monthly maintenance report - cover page with KPIs (updates, uptime, security, performance)"},{"src":"https:\/\/ps.w.org\/lock-my-site\/assets\/screenshot-6.png?rev=3475657","caption":"Security audit detail - executive summary with categorized findings"},{"src":"https:\/\/ps.w.org\/lock-my-site\/assets\/screenshot-7.png?rev=3475657","caption":"Maintenance report detail - site configuration and technical parameters"}],"raw_content":"\n
Lock My Site is a lightweight plugin that enables remote management of your WordPress site through a secure REST API. Perfect for agencies, freelancers, and anyone managing multiple WordPress sites.<\/p>\n\n
Status & Health<\/strong>\n* Updates<\/strong>\n* Plugins<\/strong>\n* Themes<\/strong>\n* Database<\/strong>\n* Logs<\/strong>\n* Users<\/strong>\n* This plugin connects to the following external services:<\/p>\n\n These are the only two external services this plugin connects to. No other HTTP requests are made to any third-party service.<\/p>\n\n The plugin's security scanner contains a hardcoded list of well-known, legitimate third-party domain names used as a local string-matching whitelist only<\/strong>. This list includes domains such as:<\/p>\n\n These domains are NOT contacted, called, or connected to in any way by this plugin.<\/strong> No HTTP requests, API calls, or any form of network communication is made to any of these domains.<\/p>\n\n The domain names appear as plain string constants in a PHP array. When the security scanner analyzes post and page content for potentially malicious script injections (e.g. Yes. The plugin uses API key authentication, supports HMAC signature verification, IP whitelisting, implements rate limiting, auto-lockout after failed attempts, and logs all API access. The API key is generated automatically and can be regenerated at any time.<\/p><\/dd>\n Include the Yes, you can configure an IP whitelist in the plugin settings page (Tools > Lock My Site).<\/p><\/dd>\n Yes, this plugin is designed to work with any management dashboard that implements the API. It's compatible with custom dashboards and management tools.<\/p><\/dd>\n You can regenerate your API key at any time from the plugin settings. The old key will immediately stop working. You can also enable email alerts to be notified of suspicious access attempts.<\/p><\/dd>\n The plugin works on individual sites. For multisite networks, install it on each site you want to manage.<\/p><\/dd>\n\n<\/dl>\n\n\nGET \/ping<\/code> - Connection check\n* GET \/health<\/code> - Complete site health status<\/p>\n\nGET \/updates<\/code> - Available updates (plugins, themes, core, translations)\n* POST \/update\/plugin<\/code> - Update a specific plugin\n* POST \/update\/theme<\/code> - Update a specific theme\n* POST \/update\/core<\/code> - Update WordPress core\n* POST \/update\/all-plugins<\/code> - Update all plugins\n* POST \/update\/all-themes<\/code> - Update all themes\n* POST \/update\/translations<\/code> - Update all translations<\/p>\n\nGET \/plugins<\/code> - List all plugins\n* GET \/plugins\/{plugin}<\/code> - Get plugin details\n* POST \/plugins\/activate<\/code> - Activate a plugin\n* POST \/plugins\/deactivate<\/code> - Deactivate a plugin\n* GET \/plugins\/ignored<\/code> - List ignored plugins\n* POST \/plugins\/ignore<\/code> - Ignore a plugin from bulk updates\n* POST \/plugins\/unignore<\/code> - Remove plugin from ignored list<\/p>\n\nGET \/themes<\/code> - List all themes\n* POST \/themes\/activate<\/code> - Activate a theme<\/p>\n\nGET \/database\/stats<\/code> - Database statistics\n* POST \/database\/cleanup<\/code> - Clean database (revisions, drafts, spam, etc.)\n* POST \/database\/optimize<\/code> - Optimize database tables<\/p>\n\nGET \/logs\/php<\/code> - PHP error log\n* GET \/logs\/activity<\/code> - Plugin activity log<\/p>\n\nGET \/users<\/code> - List WordPress users<\/p>\n\nExternal services<\/h3>\n\n
1. WordPress.org Checksums API<\/h4>\n\n
\n
https:\/\/api.wordpress.org\/core\/checksums\/1.0\/<\/code><\/li>\n\/security\/core-integrity<\/code>.<\/li>\nen_US<\/code>). No personal data is sent.<\/li>\n2. WordPress.org Translations API<\/h4>\n\n
\n
https:\/\/api.wordpress.org\/translations\/plugins\/1.0\/<\/code>, https:\/\/api.wordpress.org\/translations\/themes\/1.0\/<\/code>, and https:\/\/api.wordpress.org\/translations\/core\/1.0\/<\/code><\/li>\nImportant note about domain name references in the source code<\/h4>\n\n
\n
<script src=\"...\"><\/code> tags), it compares the src<\/code> attribute against this whitelist using local string matching. Scripts referencing whitelisted domains are recognized as legitimate and excluded from the scan results, reducing false positives. The entire comparison happens locally in PHP memory -- no data leaves the server.<\/p>\n\n\n\n
lock-my-site<\/code> folder to \/wp-content\/plugins\/<\/code><\/li>\n\n
Is this plugin secure?<\/h3><\/dt>\n
How do I authenticate?<\/h3><\/dt>\n
X-API-Key<\/code> header with your API key in each request.<\/p><\/dd>\nCan I restrict access by IP?<\/h3><\/dt>\n
Does it work with management dashboards?<\/h3><\/dt>\n
What happens if someone gets my API key?<\/h3><\/dt>\n
Does it support multisite?<\/h3><\/dt>\n
1.5.9<\/h4>\n\n
\n
1.5.8<\/h4>\n\n
\n
1.5.6<\/h4>\n\n
\n
1.5.5<\/h4>\n\n
\n
1.5.4<\/h4>\n\n
\n
1.5.3<\/h4>\n\n
\n
lockmysi_<\/code> for WordPress.org compliance<\/li>\n1.0.0<\/h4>\n\n
\n