Fix: Added explicit WordPress.Security.ValidatedSanitizedInput.InputNotSanitized phpcs:ignore annotations to the three JSON blob input lines (ajax_save_settings, ajax_preview, ajax_import). Sanitization occurs correctly after json_decode() via sanitize_all_settings(); the annotations document this intent for static analysis tools.
Fix: Tested up to updated to 6.9 to match the current WordPress major version.
1.4.5
Fix: sanitize_all_settings() now validates that sections, post_types, descriptions, and title_overrides are arrays before passing them to helper functions or array_map(). Previously used ?? array() fallbacks which guard against null but not wrong types from malformed JSON, risking a TypeError on PHP 8+.
Fix: sanitize_sections() now validates pages is an array before iterating it.
Fix: sanitize_descriptions() and sanitize_title_overrides() now skip non-string values.
Fix: post_types output wrapped in array_values( array_filter() ) to strip any empty keys produced by sanitize_key().
1.4.4
Fix: ajax_preview() now passes POST data through sanitize_all_settings() before use, consistent with ajax_save_settings(). Previously used wp_parse_args() without sanitization.
1.4.0
New: 30-day AI crawler activity chart — stacked bar chart showing daily visits per bot, auto-compressed to weekly buckets for readability.
New: “Last AI crawler visit” banner at the top of the Crawler tab — shows a live “X minutes/hours/days ago” timestamp at a glance.
New: First Seen / Last Seen columns in the all-time bot summary table.
New: Export CSV button — downloads the full crawler log as a CSV file for use in client reports.
New: Daily aggregate storage (90-day rolling window) — daily visit counts are now stored separately from the raw log, enabling the timeline chart without scanning every log entry.
New: REST API endpoint GET /wp-json/llms-txt/v1/crawler-stats — returns all-time, 7-day, 30-day, daily, and per-bot first/last seen data.
New: REST API endpoint GET /wp-json/llms-txt/v1/pages — returns all curated sections and pages as JSON, useful for external dashboards.
Improvement: All-time bot table now includes Last 7 Days column alongside All-Time for quick comparison.
1.3.5
Fix: All PHP declarations, stored data keys, and WordPress registrations updated to use the distinct llmscu_ / LLMSCU_ prefix throughout, replacing the generic llms_txt_ / LLMS_Txt_ prefix. No data migration required — existing stored options are unaffected.
Fix: Readme comparative claims removed per WordPress plugin guidelines.
1.3.3
Fix: Reverted v1.3.2 RewriteRule approach which caused llms.txt 404 on some hosts. Replaced with a safe + mod_headers .htaccess block that sets Content-Type charset and X-Robots-Tag without touching WordPress rewrite rules.
1.3.2
Fix: UTF-8 encoding bug causing em dashes and other multibyte characters to render as — in browsers and AI crawlers. Physical llms.txt file is now always routed through WordPress via .htaccess rules so the correct Content-Type: text/plain; charset=utf-8 header is always sent.
New: X-Robots-Tag: noindex header option — prevents Google indexing llms.txt as a page in search results. Enabled by default; toggle in Settings tab under Search Indexing.
1.3.1
Security: X-Content-Type-Options: nosniff header added when serving llms.txt and llms-full.txt.
Security: Import JSON payload capped at 256 KB — rejected before decode with a plain-English error.
Security: Import schema sanity check — requires at least 2 expected top-level keys before accepting a configuration file.
Robustness: 2 MB file size guard before file_get_contents() — falls through to DB option if the physical file exceeds the cap.
Performance: no_found_rows, update_post_meta_cache => false, update_post_term_cache => false added to all get_posts() queries.
New: Site Diagnostics panel on the Preview & Validate tab — shows computed root, writable status, delivery mode, file/DB state, rewrite health, last live test result, and environment versions.
New: “Last verified” status bar row — persisted after every live test so it survives page reloads.
New: Reachability health banner — shown above tabs when the last live test failed; includes one-click “Fix: Flush Rewrite Rules” button that reruns the test automatically.
Fix: Multisite uninstall loop changed from a fixed 500-site cap to a paginated do/while loop (100 per page) — handles networks of any size.
Fix: @package docblock corrected from LLMS_Txt_Manager to LLMS_Txt_Curator across all PHP files.
Fix: load_plugin_textdomain() added — plugin is now translation-ready.
1.3.0
New: Multisite support (Chunks A–E — complete). Plugin header Network: true, network activation, per-site isolation, file path safety, network admin overview, and cron verification all done.
New: Network Admin overview page (Network Admin > Settings > LLMs.txt Curator) with summary strip, per-site status table, per-site Regenerate button, and Regenerate All Sites bulk action. Table updates live via AJAX without a page reload.
New: File mode column in network table — “Physical” (subdirectory) or “Rewrite” (subdomain/domain-mapped) with tooltip.
New: Regen schedule shown per-site in the network table.
New: Network Settings action link in the Network Admin plugins list.
New: llms_txt_file_write_safe() helper — prevents subdomain sub-sites from overwriting the main site’s physical llms.txt. Those sites serve via rewrite rule instead.
New: next_regen key in get_file_status() — formatted next scheduled regeneration time (daily/weekly/instant debounce) for the current site.
Improvement: maybe_schedule_recurring_regen() now returns early on is_network_admin() — prevents the main site’s cron schedule being unnecessarily re-synced on every network admin page load.
Improvement: All four cron methods updated with explicit multisite docblocks confirming per-site safety.
Improvement: WP-CLI handler docblock updated with –url= guidance for per-site usage on multisite networks.
Improvement: delete_file() in the generator guarded against subdomain sub-sites deleting a shared file.
Improvement: Activation hook accepts $network_wide; deactivation clears cron events across all sites.
Improvement: Uninstall iterates all sites; cleans up options, transients, cron, and files per-site.
Improvement: LLMS_Txt_Admin guarded from instantiating in network admin context.
Improvement: get_file_status() returns is_network_activated, is_subdomain_network, file_write_safe, network_overview_url, and next_regen.
Improvement: Validator surfaces info message on subdomain sub-sites confirming rewrite serving is intentional.
Improvement: Admin status panel and multisite notice contextually correct per site type.
Confirmed (docblocked): WP-Cron, option storage, transients, nonces, and capability checks are all natively per-site in multisite. No switch_to_blog() wrapping required in any cron path.
Removed: wp_die() block that previously blocked activation on non-main sites.
1.2.2
New: AI Crawler Analytics — 7-day bot activity bar chart on the Crawler Log tab, showing visit counts per bot. Refreshes without a page reload.
Improvement: Crawler Log tab restructured — analytics card at top, all-time summary below, full visit log at the bottom.
Update: readme.txt updated to reflect all features added in v1.2.x.
Update: Stable tag updated to 1.2.2.
1.2.1
New: Scheduled Regeneration — choose between Instant, Daily, Weekly, or Manual update modes. Daily/Weekly use proper WP-Cron recurring events with next-run time displayed in the UI.
New: Safety Mode — toggle to block generation on validation errors, with an on-demand validation card showing errors, warnings, and a plain-English stats summary.
1.2.0
New: Description Suggestions — one-click fills missing descriptions using a five-step fallback chain. Never overwrites manually-set descriptions.
New: Quality Score footer — every generated file includes a Coverage Report showing quality score %, pages with descriptions, and pages needing attention.
New: Change Detection — admin banner alerts when curated pages have been updated since last generation, with direct Regenerate Now action.
New: Per-page Title Override — set an AI-optimised title for any page without touching on-site SEO.
Improvement: OpenGraph description added as step 4 in the description fallback chain.
1.1.0
New: llms-full.txt generation — full Markdown content for each curated page, per the llmstxt.org spec.
New: AI crawler detection — logs visits from 12 known AI bots with anonymised IPs.
