New: fallback credential headers (X-AutoSync-Key / X-AutoSync-Secret). Some hosting setups strip the standard Authorization header before it reaches WordPress, which silently breaks Basic authentication. AutoSync now sends the same WooCommerce REST key pair in these headers on every request, and the plugin authenticates from them whenever the request would otherwise arrive anonymous — validated identically to WooCommerce’s own key check (hashed key lookup, timing-safe secret comparison, read/write scope per HTTP method, HTTPS only).
New: step-by-step authentication diagnostics. The /health endpoint — and every authentication failure — now reports which credential headers reached WordPress, whether the site detects HTTPS (a reverse proxy missing X-Forwarded-Proto disables WooCommerce key auth entirely), whether the consumer key exists, whether the secret matches, the key’s read/write scope, and whether the key’s user can read and write products. AutoSync’s “Test Connection” shows each step as a separate pass/fail line, so a misconfigured key, a stripped Authorization header, or an under-privileged user is pinpointed instead of a generic 401. Key scope and user details are only disclosed after the full key/secret pair validates.
New: the /health endpoint reports the WordPress, WooCommerce and PHP versions plus the store’s clock (GMT), letting AutoSync flag outdated software and clock skew that would silently break incremental product discovery.
1.3.1
Fix: the category pickers on the settings page no longer cap the browsable list at 100 categories, and suggestion filtering is now done by the plugin itself instead of relying on the WordPress component’s internals.
Fix: stores with duplicate category names (same name under the same parent, common after bulk imports) broke the pickers — duplicate labels produced duplicate React keys, corrupting the suggestion list into stale, unfiltered entries, and made the duplicates unselectable. Duplicate display names are now suffixed with ” (2)”, ” (3)”, … so every category is distinct and selectable.
New: the settings page shows the installed plugin version under the page title.
1.3.0
New: “ultra” sync mode for the /inventory endpoint — pure set-based SQL with no per-product cache purging or hooks, and a single full page-cache purge (WP Rocket, W3 Total Cache, WP Super Cache, SiteGround, LiteSpeed) at the end of each batch. Orders of magnitude faster on stores where per-product cache purging dominates; price changes on variations or sale-priced products still fall back to a full save.
Change: the “fast_stock” and “fastest” modes introduced in 1.2.0 are consolidated into a single “fast” mode (the former fast_stock behavior: stock via direct SQL, price changes via a full save). The “fastest” direct-SQL price path is dropped — it offered negligible speedup over fast_stock while adding price-integration risk.
1.2.0
New: the /inventory endpoint accepts an optional mode parameter selecting the write strategy. “standard” (the default) performs a full WooCommerce save per item for maximum compatibility. “fast_stock” writes stock-only updates with set-based SQL — keeping the stock-status, lookup table and parent-variation rollup consistent and firing the lightweight stock hooks — while falling back to a full save when a price actually changes. “fastest” additionally writes regular-price changes via set-based SQL for simple products with no sale price (variations and sale-priced products still fall back to a full save). The fast modes skip the heavier save_post / woocommerce_update_product hooks, so integrations bound to those (some feeds, search indexes, caches) may not refresh until their next rebuild.
Change: the standard write path performs a single full WooCommerce save per item (the 1.1.0 direct stock-only path now lives under “fast_stock”), so every WooCommerce and third-party save hook fires as expected. Batch cache priming and deferred term recounts are retained.
1.1.0
Performance: the /inventory endpoint now applies stock-only updates through WooCommerce’s direct stock data store instead of a full product save, avoiding the heavy save/hook cascade on every item. A full save is taken only when the regular price actually changes. Large stores no longer time out on big inventory batches.
Performance: a batch now primes the post/meta cache for all of its items in a single pass, and defers product-visibility term recounts until the batch completes.
1.0.5
Security: the /inventory write endpoint now performs a per-product capability check (matching WooCommerce’s own product controller) before changing any stock or price, so per-object permission rules are honored rather than bypassed by the single endpoint-level check.
Hardening: per_page/page request bounds are now validated against the schema and clamped server-side.
Performance: the settings option is registered with autoload disabled, so it is no longer loaded on every front-end request.
Compliance: added an “External services” section to the readme disclosing the AutoSync connection and the product/inventory data shared with it.
Internal: store the “last synced” marker under the plugin’s own meta key prefix instead of WooCommerce’s reserved _wc_admin_ namespace.
1.0.4
Settings page: category pickers now use a searchable token field (WordPress FormTokenField) with breadcrumb labels, replacing the checkbox checklist.
Security: split the REST permission callback into read- and write-specific gates so the /inventory endpoint requires edit_others_products rather than just read_private_products.
Internationalization: wrapped all user-facing strings (settings page, meta box, REST error messages, warning header) in gettext calls so the plugin is fully translatable via translate.wordpress.org.
Internal: switched to PHP 8.1 first-class callable syntax for hook/route registrations.
1.0.3
Internationalization: added Text Domain header and matching gettext call so the plugin is translatable via translate.wordpress.org.
