FIX: Pending plugin, theme, and core updates are collected reliably on metrics/cron and manual sync — load wp-admin/includes/plugin.php before update APIs, run wp_version_check before plugin/theme checks; optional forced refresh clears update transients when syncing from MegaManager
FIX: Safer new_version extraction for plugin and theme update rows (object or array update payloads, PHP 8+ compatible)
IMPROVE: Manual sync trigger now forces a fresh update check (send_metrics(true)) so pending updates are not stale
1.2.8
FIX: Remote plugin, theme, and WordPress core updates no longer return success when the upgrader returns false or when the installed version is unchanged after the upgrade attempt
FIX: REST API: debug-log-trim route registers permission_callback correctly; added POST /wpmm/v1/debug-log-clear to empty debug.log without full parse (for large logs, use clear instead of trim)
IMPROVE: Debug log trim safety limit increased from 8 MB to 16 MB; clearer guidance when the file is too large to trim
IMPROVE: Broader debug.log line classification (PHP Error, memory limit, max execution time, uncaught Throwable) for remote monitoring
1.2.7
FEATURE: Auto updates default on for plugins/themes; configurable check interval (15 min / 1 h / 12 h / daily) replaces maintenance window field in connector settings
FEATURE: REST API endpoints for remote diagnostics: PHP error log (/wpmm/v1/php-errors) and debug log trim (/wpmm/v1/debug-log-trim)
FIX: MegaManager API base URL aligned to https://wpmegamanager.com/api/fn with optional WPMM_API_BASE override; External Services readme updated accordingly (replaces legacy Supabase URL in documentation)
FIX: Admin AJAX URL fallback when ajaxurl is undefined (admin bar / cache UI reliability)
FIX: Additional bug fixes and stability improvements across connector operations
1.2.4
FIX: Bug fixes and stability improvements for the connector
COMPLIANCE: readme Contributors list updated
FIX: 1.2.3 changelog clarified (edge function auth headers use X-Site-Secret)
1.2.3
FEATURE: Switch User one-time login token support
FIX: Auto-login now uses REST API switch-user endpoint instead of removed legacy wpmm_autologin
FIX: Edge function auth headers corrected to use X-Site-Secret
1.2.1
COMPLIANCE: Added wpsupporting to Contributors in readme.txt
COMPLIANCE: Removed define(‘FS_METHOD’, ‘direct’) — no longer sets global constant; guides user to wp-config.php instead
COMPLIANCE: Backup manager inline / replaced with wp_register_style/wp_register_script + wp_add_inline_style/wp_add_inline_script via admin_enqueue_scripts hook
COMPLIANCE: Temp backup directory now uses wp_upload_dir() basedir with plugin-slug subfolder (megamanager-connector/) instead of hardcoded WP_CONTENT_DIR path
1.2.0
SECURITY: Removed all sslverify=false from outbound requests; default SSL verification is now used
STABILITY: Fixed is_plugin_active() fatal errors in cron/frontend contexts by adding safe include guard
STABILITY: Bounded disk usage scan (max 50,000 files) and media inventory (max 500 images) to prevent cron timeouts
STABILITY: Wrapped RecursiveIteratorIterator in try/catch for permission-denied safety
CRON: Moved cron_schedules filter into class constructor for reliable early registration
CRON: Ensured five_minutes schedule is always available before wp_schedule_event calls
COMPLIANCE: Fully removed residual handle_autologin() method from plugin code
COMPLIANCE: Updated readme External Services section with heartbeat data details
