plugin-icon

AbilityGuard – Abilities API Monitor

Inventory, audit, and monitor WordPress Abilities API usage.
版本
1.0.0
最近更新:
Jul 5, 2026

AbilityGuard helps site administrators understand and audit what the WordPress Abilities API exposes on their site.

The WordPress Abilities API gives plugins, themes, AI tools, automation workflows, and other integrations a structured way to register and execute site capabilities. That is powerful, but it also creates a new visibility problem: administrators need to know which abilities are available, how those abilities are described, whether they are exposed through REST, and what executions have happened recently.

AbilityGuard adds that visibility layer. It inventories registered abilities, highlights risk-related annotations, and keeps a rolling execution log so you can review what ran, who triggered it, how it was triggered, and what data was stored.

What problem does AbilityGuard solve?

Without an inventory or audit trail, administrators may not know:

  • Which abilities are registered by active plugins or integrations.
  • Whether an ability is marked as read-only, destructive, or idempotent.
  • Whether an ability is exposed through REST.
  • Which abilities executed recently.
  • Which user triggered an ability execution.
  • Whether input or output payloads were captured for review.

AbilityGuard is designed to answer those questions from the WordPress admin area.

Features

  • Ability Inventory: view registered WordPress abilities in one place.
  • Risk Badges: see risk labels derived from Abilities API annotations.
  • Annotation Visibility: review read-only, destructive, and idempotent metadata.
  • Category Details: see the official ability category and slug.
  • Namespace Details: inspect the ability namespace for easier troubleshooting.
  • REST Exposure: identify abilities marked for REST API exposure.
  • Schema Visibility: see whether input and output schemas are registered.
  • Current User Permission Check: see whether the current admin user can execute an ability with its default input.
  • Execution Log: review recent ability executions.
  • Log Details: inspect ability name, user, trigger context, status, input, and output details.
  • Trigger Context: identify executions triggered through REST, WP-CLI, cron, or PHP.
  • User Links: jump from a log entry to the related WordPress user profile when available.
  • Configurable Payload Logging: choose whether to store ability input and output data.
  • Privacy-Conscious Defaults: output logging is disabled by default.
  • Log Retention: keeps a rolling log of the latest 100 execution entries.
  • Uninstall Cleanup Option: optionally remove AbilityGuard data when uninstalling the plugin.

What AbilityGuard does not log

AbilityGuard monitors Abilities API registrations and executions. It does not replace a general WordPress activity log plugin.

For example, AbilityGuard does not automatically log normal post edits, page updates, media uploads, settings saves, WooCommerce activity, or user profile changes unless those actions are performed through a registered WordPress ability.

Privacy and data storage

AbilityGuard stores logs in a custom database table in your WordPress database. Input logging can be enabled or disabled from the settings page. Output logging is available but disabled by default because ability responses may contain sensitive or large data.

Before enabling output logging, review your site’s privacy and compliance requirements.

目前已測試版本
WordPress 7.0
此外掛程式已可供下載,並可用於你 系統。