Pre-update restore points now capture the database incrementally. Instead of re-uploading the entire database on every update, the restore point reuses the unchanged parts of the most recent pre-inspection snapshot and sends only the rows that changed, dramatically reducing the backup phase on large sites. A built-in self-verification step falls back to a full dump whenever anything looks inconsistent, so a restore point is never shipped in a partial state.
Dramatically faster backup archiving before pre-inspections and updates. The previous implementation rewrote the entire archive for every file added, causing quadratic I/O; archives are now built in a single pass, reducing the backup phase from minutes to seconds on sites with thousands of plugin and theme files.
Clearer guidance during the pre-update backup on the update screen. The screen now indicates whether a fast incremental backup (reusing the latest snapshot) or a full backup is in progress, and asks you to keep the tab open until it finishes. This replaces the previous message that incorrectly implied the resumable backup always continued after closing the tab.
Fixed a bug where inspection target URLs with non-ASCII slugs (such as Japanese permalinks) were corrupted on save: percent-encoded characters were stripped during input sanitization, leaving only the ASCII portion of the path. URL input is now sanitized with esc_url_raw(), which preserves percent-encoding.
Canceling a pre-inspection now also stops it on the backend (the staging worker), so you can re-run immediately instead of being blocked by an “a pre-inspection is already running” error. The cancel button is no longer shown during the production update step itself, where the update cannot be safely interrupted.
Large pre-update backups now continue on the server even if you close the browser tab. Previously the resumable backup of a large database was driven by the open admin tab and paused when you navigated away; it now self-drives via background loopback requests, with a scheduled health-check that restarts a stalled run on sites that receive traffic.
Fixed a bug where a plugin that was active before an update could be left deactivated after the update finished. Plugins that were active beforehand are now reactivated once their update completes.
Updates that require a newer PHP or WordPress version than your live site actually runs are now detected on your site and excluded from the update run, instead of being applied and silently breaking the site. The pre-inspection also reports your site’s PHP version and key limits so results better match your real environment.
Updates that could not be inspected (for example, when no inspection result is available) are no longer applied to your production site. Only updates that were actually inspected and verified are included in the update run.
Corrected the consent screen to accurately describe the data sent during a pre-inspection: it now states that your site’s files and database are sent, replacing wording that implied parts containing personal information were excluded.
1.1.3
Updates on every plan now create a restore point (site files and a full database dump) before applying changes, stored in PatchOn cloud storage with a plan-based retention period and downloadable from the update screen for self-service recovery. The consent screen and privacy policy have been updated to cover this storage.
Fixed multiple bugs where a failed update could be misreported as successful, including copy failures during the upgrade, concurrent update runs leaving maintenance mode stuck, stale update caches, and a locale-dependent misclassification on Japanese sites.
The Pro extension required for applying AI repairs can now be installed and activated with one click from the update screen, with clearer guidance when a license is missing or expired.
1.1.2
Removed direct require_once of WordPress core loading files (wp-includes/functions.php, wp-admin/includes/theme.php, wp-admin/includes/misc.php) in response to plugin review feedback.
Disabled autoload for frequently updated options (patchon_update_state, patchon_update_flash, patchon_site_uuid) to reduce per-request overhead.
Escaped all remaining dynamic output (a ternary expression and update/log counts) with esc_html() to comply with the late-escaping convention.
Updated “Tested up to” to WordPress 7.0.
1.1.1
Replaced direct cURL calls in the backup upload path with the WordPress HTTP API (wp_remote_request()), using the official http_api_curl hook to enable streaming uploads of large backup archives without buffering in memory.
1.1.0
Removed file write capabilities (no longer writes to wp-content, mu-plugins, or theme directories). Such writes were moved to the separately distributed PatchOn Agent Pro extension plugin.
Added an explicit consent screen shown on first activation. The plugin now registers your site anonymously after consent, and no account is required to get started.
Added CSRF nonce verification on the connection flow to prevent site hijack via crafted redirect URLs.
Updated plan tiers (Free / Standard / Business) and removed the legacy Enterprise tier from the catalog.
1.0.0
Initial release on the WordPress.org official directory.
