Kreiswolke Maintenance Agent Toolkit
Maintenance Agent keeps your WordPress sites updated, hardened, and recoverable — so staying current is no longer a risk or a chore. You get a complete maintenance toolkit: careful updates, security hardening, instant rollback, emergency recovery, anti-bot features and Coming Soon page.
Drive it with your own AI assistant, manually, or through the free companion app — which adds the dashboards, manual controls and a specialized agent that runs the whole cycle based on dependencies and site history.
Protect and harden — via wp-admin or remote (FREE)
- 20 hardening and anti-bot features: security headers, HSTS, hide usernames, generic login errors, disable the file editor, force SSL on admin, block xmlrpc, block PHP execution in uploads, block sensitive files, honeypot URLs, bad-bot blocklist, directory listing off — and more. Each with a plain-English helper, all off by default.
- Login gate: protect your login with a PIN page that stops login-hammering bots before WordPress even boots (saves server resources).
- Every
.htaccesschange backed up automatically first, restorable in one click — plus an FTP kill-switch. - Animated Coming Soon page and maintenance mode, configurable and SEO-aware.
Careful maintenance toolset — for agents and custom integrations (FREE)
- Works with any MCP-capable AI assistant, your scripts, or CI. Registered with the WordPress Abilities API (WP 6.9+), standard Application Password auth.
- Full site stack and health reports: versions, every plugin and theme, update availability, recent errors.
- A lightweight health signal, readable any time: database reachable, recent fatals, free disk space, stalled cron, auto-disabled plugins, active cache layer.
- Point-in-time snapshot of every plugin, theme, core, and the database — taken before anything is touched.
- The building blocks for careful, one-at-a-time updates: update a single item, flush caches, run a health check — sequenced by whatever drives it (the app’s agent, your script, or your AI assistant).
- Install, activate, deactivate, or remove any plugin or theme.
- Per-item restore: roll back only what broke — no full-site backup restore needed.
- Optional backup-plugin trigger (UpdraftPlus, BackWPup), cache flush, error-log tail.
There is no AI inside the plugin itself — it is a deterministic toolkit. Intelligence lives in whatever you connect to it.
Dashboards and a specialized agent — via the companion app (FREE TIER)
- The free plan is real and permanent (no credit card, no trial clock): one agent audit, 5 agent maintenance runs, 1 archived restore point, maintenance dashboards.
- Specialized agent with memory that runs the whole cycle: snapshot → reasoned dependency update order → verify each step → decides rollback if something breaks → reports.
- Dashboard with stack overview, health, pending updates, status, theme/plugin installer, and more.
- Narrated, read-only first scan — see what the agent thinks of your site before anything is ever changed.
- Live run view (watch the agent do maintenance work), run history and reports, a Time Machine restore point, per-site notes.
More sites, scheduling, and monitoring — paid plans (optional)
The free plan runs the full agent and dashboards within a small monthly allowance. Paid plans lift the limits and add what matters once you manage more than one site:
- From a single site to a whole portfolio — more sites, more runs.
- Scheduling: a weekly maintenance rhythm per site, run unattended, reported back.
- Uptime, SSL and domain monitoring — external checks enriched with insider context (it knows which run touched the site and what changed).
- Cross-site installer: install, update, or harden plugins and themes across the whole fleet in one pass.
- Fleet-wide hardening — the security toolkit applied to many sites at once.
- Longer restore-point history, client reports under your agency branding, per-client routing.
Pricing and the full comparison are on the website. The plugin never requires a paid plan — or any plan.
Why Maintenance Agent?
Updates should be careful, observable, and reversible. Most tools update everything at once and hope; this one is built the other way.
- It reasons before it acts: reads your stack, plans a dependency-aware order, updates one item at a time, verifies each step — then decides, per failure, whether to retry, skip, roll back, or stop.
- Everything is reversible: a snapshot before anything is touched, per-item rollback, and an emergency companion that recovers a site even when the site itself won’t boot.
- Drive it your way: click it in the dashboard, ask the in-app assistant, or run it from your own AI assistant over MCP — the same safe operations, three ways in.
- Your data stays in the EU: hosted in Germany, GDPR-aligned with a data-processing agreement, credentials encrypted at rest, and onboarding that never asks for your admin password.
Full features, screenshots, and pricing: https://kreiswolke.com/wp-maintenance-agent/
External services
1. The Kreiswolke companion app (optional, opt-in only)
The plugin contacts the companion app only if you explicitly connect your site (a “Connect” action in the plugin’s settings). Without connecting, the plugin sends nothing anywhere.
When you connect:
- The connection is established through a consent screen on the app. During pairing, the site URL and cryptographic public keys are exchanged, and a standard WordPress Application Password is created for the app — after you accept the terms on the consent screen.
- A connected app can then read the site reports described above and perform the maintenance operations you authorize (updates, rollback, hardening configuration), authenticated by that Application Password plus a per-site request signature.
- The plugin itself initiates only one outgoing call: if the plugin is disconnected, deactivated with disconnect, or deleted, it sends a short, best-effort notification to the app — containing the event name, the site URL, and the pairing identifier — so the app stops treating the site as managed. No other data is in that call.
- You can disconnect at any time from the plugin’s settings; uninstalling removes the credentials on the site (and revokes the Application Password).
Service provider: Kreiswolke Terms of service: https://kreiswolke.com/terms/ Privacy policy: https://kreiswolke.com/privacy-policy/
2. api.wordpress.org
Site stack reports enrich plugin information (latest version, last-updated date, requirements) through WordPress core’s own plugins_api() — the same wordpress.org API your site already uses for the update screen.
3. Requests to your own site
Several features fetch a URL on your own site (never a third party): the post-update health check (pinned to your site’s address), the webserver-detection probe, the login-gate self-test, and a one-time compatibility probe before writing an ErrorDocument rule. These are loopback self-checks, listed here so they are not mistaken for external calls.
