[WordPress] 外掛分享: AbilityGuard – Abilities API Monitor

首頁外掛目錄 › AbilityGuard – Abilities API Monitor
WordPress 外掛 AbilityGuard – Abilities API Monitor 的封面圖片
全新外掛
安裝啟用
尚無評分
12 天前
最後更新
問題解決
WordPress 6.9+ PHP 7.2+ v1.0.0 上架:2026-07-04

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.0.0) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「AbilityGuard – Abilities API Monitor」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

AbilityGuard helps site administrators understand and audit what the WordPress Abilities API exposes on their site.
The WordPress Abilities API gives plugins, themes, AI tools, automation workflows, and other integrations a structured way to register and execute site capabilities. That is powerful, but it also creates a new visibility problem: administrators need to know which abilities are available, how those abilities are described, whether they are exposed through REST, and what executions have happened recently.
AbilityGuard adds that visibility layer. It inventories registered abilities, highlights risk-related annotations, and keeps a rolling execution log so you can review what ran, who triggered it, how it was triggered, and what data was stored.
What problem does AbilityGuard solve?
Without an inventory or audit trail, administrators may not know:

Which abilities are registered by active plugins or integrations.
Whether an ability is marked as read-only, destructive, or idempotent.
Whether an ability is exposed through REST.
Which abilities executed recently.
Which user triggered an ability execution.
Whether input or output payloads were captured for review.

AbilityGuard is designed to answer those questions from the WordPress admin area.
Features

Ability Inventory: view registered WordPress abilities in one place.
Risk Badges: see risk labels derived from Abilities API annotations.
Annotation Visibility: review read-only, destructive, and idempotent metadata.
Category Details: see the official ability category and slug.
Namespace Details: inspect the ability namespace for easier troubleshooting.
REST Exposure: identify abilities marked for REST API exposure.
Schema Visibility: see whether input and output schemas are registered.
Current User Permission Check: see whether the current admin user can execute an ability with its default input.
Execution Log: review recent ability executions.
Log Details: inspect ability name, user, trigger context, status, input, and output details.
Trigger Context: identify executions triggered through REST, WP-CLI, cron, or PHP.
User Links: jump from a log entry to the related WordPress user profile when available.
Configurable Payload Logging: choose whether to store ability input and output data.
Privacy-Conscious Defaults: output logging is disabled by default.
Log Retention: keeps a rolling log of the latest 100 execution entries.
Uninstall Cleanup Option: optionally remove AbilityGuard data when uninstalling the plugin.

What AbilityGuard does not log
AbilityGuard monitors Abilities API registrations and executions. It does not replace a general WordPress activity log plugin.
For example, AbilityGuard does not automatically log normal post edits, page updates, media uploads, settings saves, WooCommerce activity, or user profile changes unless those actions are performed through a registered WordPress ability.
Privacy and data storage
AbilityGuard stores logs in a custom database table in your WordPress database. Input logging can be enabled or disabled from the settings page. Output logging is available but disabled by default because ability responses may contain sensitive or large data.
Before enabling output logging, review your site’s privacy and compliance requirements.

延伸相關外掛

文章
Filter
Apply Filters
Mastodon