Changed: Removed page title from /llms-index.txt entries — each entry now shows only the last-modified date comment and the URL.
Added: Per-page Token Diet override — a select dropdown in the meta box lets you force Token Diet on or off for individual pages, independent of the global setting.
1.3.3 — 2026-03-11
Fixed: Missing assets/js/admin.js — the meta box “Block from ALL” master toggle was non-functional in 1.3.2 due to the JavaScript file being omitted from the release package.
Added: uninstall.php — clean removal of all plugin data (aionly_pages_settings option and all _aionly_* post meta) when the plugin is deleted via the WordPress admin.
Added: LICENSE file (GPLv2 full text).
Updated: Tested up to bumped to WordPress 6.7.2.
1.3.2 — 2026-03-01
Fixed: Output buffer opened by Token Diet (ob_start()) is now explicitly closed via a shutdown hook, preventing potential buffer-stack conflicts with other plugins. Addresses WordPress.org Plugin Review Team feedback.
1.3.1 — 2026-02-20
Fixed: Noindex <meta> tags and X-Robots-Tag headers were not emitted on WordPress Pages and non-post custom post types. Both methods incorrectly checked publicly_queryable — WordPress’s built-in page post type has this set to false, causing both to silently return without writing any tags. Fixed by checking public instead.
Fixed: Settings page CSS was not loading on some WordPress setups. wp_add_inline_style() was attached to the wp-admin handle which is not guaranteed to be registered in the required state. Fixed by registering a dedicated aionly-settings-ui handle and attaching inline CSS to that.
Fixed: Settings admin menu was not appearing because class-settings.php was missing its require_once in the root loader.
Fixed: Removed placeholder Plugin URI header pointing to a non-existent URL, which produced a broken “Visit plugin site” link in the Plugins list.
Cleaned: Removed dead add_settings_section() and add_settings_field() calls that had no effect since do_settings_sections() is never called.
Security: $_SERVER[‘HTTP_USER_AGENT’] and $_SERVER[‘HTTP_ACCEPT_LANGUAGE’] now passed through sanitize_text_field( wp_unslash() ) before use.
i18n: Added load_plugin_textdomain() so translations load correctly.
1.3.0 — 2026-02-19
New: includes/class-settings.php — full WordPress Settings API integration adding a top-level “AI-Only Pages” admin menu with four visual cards.
New: LLM Index toggle — enable/disable /llms-index.txt globally. When disabled, the endpoint returns a 404.
New: Token Diet master toggle — enable/disable all AI output cleaning globally without touching code.
New: Six granular Token Diet toggles — independently control stripping of structural layout, <style> tags, <svg> elements, <iframe> elements, <form> elements, and <script> tags (with the schema application/ld+json preservation guarantee always enforced).
New: Live /llms-index.txt URL displayed on the settings page with a green/red status badge.
New: “How It Works” explainer built into the settings page — no need to consult the readme for basic orientation.
Architecture: Settings class hooks into core plugin filters at priority 5, ensuring developer add_filter() calls at priority 10+ always override settings-page values.
Architecture: All settings stored in one wp_options row (aionly_pages_settings) to minimise database overhead.
1.2.1 — 2026-02-19
Fixed: Restored Yoast SEO, WP Core, and RankMath global robots override filters that were inadvertently removed in v1.2.0. Without these, Yoast’s global <meta name=”robots” content=”index, follow”> tag overrode per-bot noindex tags — the core feature was broken for sites using Yoast or RankMath.
Fixed: Double-encoding bug in the “AI-optimized & listed” status badge. esc_html_e() was applied to a string already containing &, producing &amp; which rendered as literal “&” in the browser.
Fixed: save_meta_data() now always syncs the _aionly_active derived flag on every valid save, not only when individual bot values change. This self-heals any flag desync caused by direct DB edits, imports, or third-party plugins.
Fixed: Pro upsell link now includes rel=”noopener noreferrer” on target=”_blank” to prevent reverse tabnapping.
Improved: admin.js now listens to the change event instead of click. The change event is the semantically correct event for checkbox state and handles keyboard (Space bar) and programmatic changes correctly.
Improved: Added function_exists() guards to all global functions in the root file to prevent “Cannot redeclare function” fatal errors if the file is somehow processed more than once.
1.2.0 — 2026-02-19
Fixed: Asset path bug — PHP enqueued assets/js/admin.js but the file was located at assets/admin.js. The JS file 404’d and the “Block from ALL” button was dead on arrival.
Fixed: DOMContentLoaded wrapper removed from admin.js. Scripts enqueued with in_footer=true execute after that event fires; the callback was never running.
Fixed: admin.js now uses classList API instead of fragile className.indexOf() string matching for class detection.
Fixed: Restored missing before_delete_post cache-clearing logic that was inadvertently merged with transition_post_status into a single variadic function.
Fixed: Heuristic bot detection (Layer 2) restored after it was silently removed in a prior refactor.
Fixed: junk_queries loop now uses iterator_to_array() to snapshot the live DOMNodeList before iterating. Iterating a live list while removing nodes caused silent skips.
Improved: All inline attribute iteration now collects attributes into an array before removal, preventing NamedNodeMap reindexing skips.
Improved: Post ID resolved explicitly from $_GET[‘post’] / $_POST[‘post_ID’] in enqueue_admin_assets(), removing reliance on the implicit global $post.
1.1.6 — 2026-02-19
Major stability pass following an external AI code review that missed three deployment-blocking bugs while reporting “zero bugs found.”
Fixed JS path (assets/js/ subfolder), DOMContentLoaded timing, and class name mismatch between PHP and JS.
1.1.3 — 2026-02-19
Fixed plugin_dir_url() path calculation using dirname(dirname(__FILE__)).
Fixed XPath injection via unsanitized filter values in aionly_strip_token_bloat_tags.
Fixed get_post() fragility — now resolves post ID explicitly from request superglobals.
1.1.2 — 2026-02-19
Introduced Token Diet V2 with three-pass HTML cleaning (structural, bloat, attributes).
Added master “Block All” toggle with JavaScript event delegation.
Added X-Robots-Tag HTTP headers alongside HTML meta tags.
Added Yoast SEO, WP Core, and RankMath robots override filters.
Added heuristic bot detection layer (no browser UA markers + no Accept-Language).
1.1.0
Added /llms-index.txt discovery file with transient caching.
Added caching plugin compatibility notice.
Added sitemap exclusion for Yoast SEO and WP Core sitemaps.
1.0.3
Fixed nonce verification — nonces are post-specific to prevent cross-post replay.
Fixed capability check using post type’s own capability type.
Added transition_post_status hook to clear transient cache on post status changes.
1.0.1
Initial public release.
Per-bot noindex meta box with 10 supported search engine bots.
