RankOak Connect

1.3.6

• Review compliance: move admin modal CSS/JS from raw <style>/<script> output to proper admin_enqueue_scripts assets.
• Remove inline style attributes from plugin admin markup and style them in the enqueued stylesheet.

1.3.5

• Plugin Check: sanitize $_SERVER[‘HTTPS’] with sanitize_text_field after wp_unslash.

1.3.4

• Plugin Check: use wp_delete_file() instead of unlink(); sanitize $_SERVER usage for HTTPS/admin notice; readme short description ≤150 characters.

1.3.3

• API key modal: RankOak green styling (backdrop, header gradient, buttons, focus rings) aligned with rankoak.com brand colors.

1.3.2

• After generating or regenerating a key, show a full-screen modal with copy button and clear security copy (no easy-to-miss admin notice only).
• Clearer plugin header and readme description for RankOak + WordPress.

1.3.1

• REST publish: optional tags array mapped to WordPress post tags (wp_set_post_tags).

1.3.0

• Breaking change: Replaces the previous OAuth + application password exchange with a plugin API key flow (generate in wp-admin, paste in RankOak).
• REST: GET /wp-json/rankoak/v1/me and POST /wp-json/rankoak/v1/posts (Bearer or X-RankOak-Key); keys stored with wp_hash_password.
• Admin: top-level RankOak Connect menu; nonces on generate/revoke; no unauthenticated $_GET connection parameters.
• Removes programmatic WP_Application_Passwords::create_new_application_password usage.
• Uninstall: remove new options and transients.

1.2.2

• uninstall.php: wrap in prefixed function; PHPCS ignore for required SELECT-by-prefix during uninstall

1.2.1

• readme: Tested up to 6.9 (directory requirement)
• Remove load_plugin_textdomain (WordPress.org loads translations automatically)
• uninstall: delete transients via delete_option instead of raw SQL

1.2.0

• Security: require a nonce-protected POST confirmation before creating an application password (CSRF mitigation)
• Capability: connection and settings restricted to manage_options
• Add uninstall cleanup for options and OAuth transients
• Add GPLv2 license block in the main plugin file; load textdomain; basic REST rate limiting on exchange
• Readme: External services disclosure for WordPress.org directory compliance

1.1.0

• Public ping endpoint for connection detection
• Auto-save RankOak app origin on first successful OAuth redirect
• Packaging improvements

1.0.0

• Initial release