DraftSEO.AI

Changelog

1.1.1

Plugin images update

1.1.0

When a new image is generated and republished from DraftSEO.ai, the old, now-unused image is auto-deleted from the Media folder in WordPress. This saves storage space and cleans up unused media assets.

1.0.5

YouTube video embeds now work on WordPress.

  • Fixed YouTube videos not appearing on published WordPress posts — videos are now properly converted to native WordPress embed blocks before publishing, so they show up as responsive YouTube players on your site

1.0.4

Content formatting and image fixes.

  • Fixed headings appearing as raw text after images instead of being properly formatted
  • Removed unwanted image captions — image descriptions were showing as visible text below every image. They are now used for accessibility only and no longer display on the page

1.0.3

Content formatting fixes.

  • Fixed headings sometimes appearing as plain text instead of proper headings
  • Fixed citation links being malformed in published posts

1.0.2

Content formatting and SEO structured data hotfix release.

  • In-text citations [1], [2] now render as clickable superscript links that scroll to the matching reference
  • References section converted to a styled numbered list with anchor IDs for citation linking
  • All external links now open in a new tab with rel="noopener noreferrer" for security
  • FAQ Schema (JSON-LD) structured data extracted from content and injected into WordPress post <head> for Google rich results
  • WordPress plugin now injects front-end CSS for consistent styling of citations, references, and tables across themes
  • Updated content sanitization allowlist to support <sup>, <ol>/<li> with IDs, and <a> with target/rel attributes
  • WordPress site dropdown now only shows active/connected sites

1.0.1

  • Hotfix: YouTube video embeds now render correctly using WordPress oEmbed
  • Hotfix: Data tables now display as formatted HTML tables instead of raw markdown text

1.0.0

Major release with 30+ improvements across security, stability, performance, and API architecture.

Security (6 improvements)

  • HMAC-SHA256 webhook authentication — Deactivation and disconnect webhooks now sign payloads with HMAC-SHA256 using the API key as the secret; the API key is never transmitted over the wire
  • Replay protection — Webhook requests include a Unix timestamp in the X-DraftSEO-Timestamp header; requests older than 5 minutes are rejected
  • Timing-safe comparisons — All API key and signature comparisons use hash_equals() (PHP) and crypto.timingSafeEqual (Node.js) to prevent timing-based side-channel attacks
  • AES-256-CBC encryption — API keys are stored at rest using AES-256-CBC with a random IV per encryption; the encryption key is derived from the WordPress auth salt (site-specific, not hardcoded)
  • Improved deactivation hook — Now reads the API key via DraftSEO_Settings::get_api_key() (properly decrypted) for more reliable key handling
  • Enhanced key validation — verify_api_key() now explicitly validates both stored and provided keys with specific, actionable error codes
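
The first three items above (HMAC-SHA256 signing, the 5-minute timestamp window, timing-safe comparison) fit together as in the following added example, which is not the plugin's or the platform's own code. The signature header name, the "timestamp.body" string that is signed, and the rejection of future timestamps are assumptions made for illustration; only X-DraftSEO-Timestamp, HMAC-SHA256 and crypto.timingSafeEqual come from the changelog.

```javascript
// Added example; everything except X-DraftSEO-Timestamp, HMAC-SHA256 and timingSafeEqual is assumed.
const crypto = require('node:crypto');

const MAX_SKEW_SECONDS = 5 * 60; // changelog: requests older than 5 minutes are rejected

// Assumed canonical string: "<timestamp>.<raw body>". Covering the timestamp
// with the MAC means a captured request cannot be given a fresh timestamp.
function signWebhook(apiKey, timestamp, rawBody) {
  return crypto.createHmac('sha256', apiKey)
    .update(`${timestamp}.${rawBody}`)
    .digest('hex');
}

function verifyWebhook(apiKey, headers, rawBody, nowSeconds) {
  const tsHeader = headers['x-draftseo-timestamp'];
  const sigHeader = headers['x-draftseo-signature']; // hypothetical header name
  if (typeof tsHeader !== 'string' || !/^\d{1,12}$/.test(tsHeader)) {
    return { ok: false, reason: 'bad_timestamp' };
  }
  if (typeof sigHeader !== 'string' || !/^[0-9a-f]{64}$/.test(sigHeader)) {
    return { ok: false, reason: 'bad_signature_format' };
  }
  const expected = Buffer.from(signWebhook(apiKey, tsHeader, rawBody), 'hex');
  const provided = Buffer.from(sigHeader, 'hex');
  // timingSafeEqual throws on unequal lengths; the regex above guarantees 32 bytes.
  if (!crypto.timingSafeEqual(expected, provided)) {
    return { ok: false, reason: 'signature_mismatch' };
  }
  // Freshness is checked only after the MAC, so the timestamp is already trusted.
  const age = nowSeconds - Number(tsHeader);
  if (age > MAX_SKEW_SECONDS || age < -MAX_SKEW_SECONDS) { // future skew limit is an assumption
    return { ok: false, reason: 'stale_timestamp' };
  }
  return { ok: true, reason: null };
}

// Constructed sample values (not real keys or payloads).
const SAMPLE_KEY = 'example-api-key-not-real';
const SAMPLE_BODY = JSON.stringify({ event: 'disconnect', site: 'https://example.test' });
function demo() {
  const now = 1700000000;
  const ts = String(now - 30);
  const headers = { 'x-draftseo-timestamp': ts, 'x-draftseo-signature': signWebhook(SAMPLE_KEY, ts, SAMPLE_BODY) };
  return {
    fresh: verifyWebhook(SAMPLE_KEY, headers, SAMPLE_BODY, now),
    replayed: verifyWebhook(SAMPLE_KEY, headers, SAMPLE_BODY, now + 600),
    tampered: verifyWebhook(SAMPLE_KEY, headers, SAMPLE_BODY + ' ', now),
  };
}
```

The verifier must compute the MAC over the raw request bytes as received; re-serializing parsed JSON before hashing can change the bytes and cause valid requests to fail.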

API & REST Endpoint Improvements (7 improvements)

  • New /tags endpoint — Added GET /wp-json/draftseo/v1/tags for tag synchronization, matching the existing /users and /categories endpoints
  • Unified endpoint architecture — All three sync resources (users, categories, tags) now use the same plugin-first-then-fallback pattern via fetchWithPluginFallback()
  • Structured error responses — All error responses now use proper WP_Error objects with specific error codes (rest_forbidden, rest_missing_param, rest_publish_error, rest_update_error, rest_post_not_found, rest_tags_error) for better debugging and integration
  • rest_ensure_response() — All success responses now use rest_ensure_response() per WordPress REST API Handbook, allowing WordPress filters to process responses through the standard pipeline
  • Input validation arguments — /publish and /update routes now define args with validate_callback and sanitize_callback for server-side input validation before the handler runs
  • Remote disconnect endpoint — /remote-disconnect properly clears stored API key and connection settings when triggered from DraftSEO.AI platform
  • Bidirectional disconnect sync — When a user disconnects from DraftSEO.AI, the platform now calls the plugin’s /remote-disconnect endpoint before local deletion, keeping both sides in sync

Stability & Error Handling (6 improvements)

  • Non-JSON response resilience — Gracefully handles HTML maintenance pages, WAF blocks, and 503 errors from WordPress instead of failing silently
  • Sync endpoint timeout & abort — Added configurable timeout with AbortController to prevent hanging sync requests
  • Error isolation — Per-card Error Boundaries in the WordPress site list ensure individual site issues don’t affect other connected sites
  • Guarded data access — All connection data property accesses use optional chaining with fallbacks for maximum reliability
  • Response validation — API responses are validated as proper arrays/objects before processing for robust data handling
  • Health check hardening — Health check response parsing improved with dedicated error paths for edge cases

Performance & Optimization (4 improvements)

  • Parallel sync — Users, categories, and tags are fetched simultaneously via Promise.all() instead of sequentially
  • Smart retry logic — 4xx client errors (401, 403, 400, 422) skip retry entirely; only 5xx server errors are retried, reducing wasted API calls
  • Optimized cache invalidation — Streamlined cache invalidation strategy; added health check invalidation after sync for immediate UI updates
  • Image import strategy — Intelligent strategy selection: 1-5 images use direct import (fast), 6+ images use hybrid approach (featured image immediate, rest via WordPress Cron background processing)

Usability

  • Added “Settings” quick-access link on the Plugins page (next to Deactivate) for one-click access to plugin configuration

WordPress Best Practices

  • Requires WordPress 6.2+ and PHP 7.4+
  • Follows WordPress Coding Standards (WPCS)
  • Uses wp_kses_post() for content sanitization
  • Nonces for admin AJAX security
  • Capability checks (manage_options) for settings access
  • Content cleanup: Markdown-to-HTML conversion, responsive table wrapping, blockquote formatting
  • Publication logging to custom database table
  • Image duplicate detection via URL hash with WordPress object cache

Tag Management

  • Auto-create tags from AI-generated keywords (configurable 1-10 count)
  • Manual tag selection from existing WordPress tags
  • Custom tags: create new tags on-the-fly during publishing

Image Handling

  • Direct download from DraftSEO.ai to WordPress Media Library
  • Alt text and heading text metadata preserved
  • Featured image setting with URL replacement in post content (DraftSEO.ai URLs → local WordPress URLs)
  • Background processing via WordPress Cron for large image sets (6+ images)

0.2.0

  • Initial beta release
  • One-click blog publishing from DraftSEO.AI
  • Automatic image import from DraftSEO.ai
  • SEO metadata transfer
  • WordPress category sync
  • Auto-create tags from keywords
  • Multiple post status options (draft, publish, schedule)
  • Content cleanup and formatting
  • Secure API key encryption
  • Background image processing for large blogs
  • Remote disconnect synchronization
  • OAuth-based connection flow


Author: Kliment
Version: 1.1.1
Last Updated: March 10, 2026
Active Installs: 60
Requires: WordPress 6.2
Tested Up To: WordPress 6.9.1
Requires PHP: 7.4
