Fix: one-time recovery of SEO titles, descriptions and other strings that were left in the source language after an earlier translation-engine outage. Before 1.9.27 a connection timeout could permanently flag pending strings as failed; those rows stayed excluded from the queue even after the engine recovered. On upgrade the plugin now requeues them automatically (runs once), so previously stuck translations complete on the next translation cycles. No action required.
Fix: API keys, JWT auth tokens and hash/digest strings (e.g. on account or API-key pages) are no longer queued for translation. They were never translatable, so the engine kept rejecting them and they piled up in the pending list. They are now detected and stored as-is, keeping the queue and the “pending strings” notice clean. Guarded so real text — including non-Latin scripts — is never affected.
1.9.27
Fix: on translated pages the <title> could render empty and <html lang> could stay on the default language when an SEO plugin (e.g. Rank Math) built the document head before the language context was active. The output buffer now rewrites <html lang> to the current language and rebuilds an empty/missing <title> from the translated title, so search engines never see a blank title on a translated page.
Fix: fatal TypeError in the Rank Math sitemap integration (rankmath_sitemap_url() received an array, not a string) that could break the Rank Math sitemap and its hreflang alternates. The handler now accepts both, matching the SEOPress integration.
Fix: the 503 “translation pending” page could fatal (and serve a raw 503 error instead of the friendly template) when triggered from the render layer, because it started a new output buffer inside the page output buffer. The pending page is now built as a string and renders correctly in every context.
Fix: a temporary translation-engine outage (connection timeout or server error) no longer counts against a string’s retry limit. Previously a few minutes of downtime could permanently flag pending strings as failed, leaving them in the source language even after the engine recovered. Transient failures are now retried indefinitely; only genuine per-string rejections count toward the limit.
Fix: hardened the background translator against a missing source-language setting that could throw a fatal error on every cron run and silently stop all translation; it now falls back to the default source language.
1.9.26
Doc: improved the WordPress.org listing title, tags and short description for better discoverability (no functional changes).
1.9.25
SEO: the real composite page title (Post – Site – Tagline), og:title and meta description are now fetched from the rendered page and translated proactively in the background batch, before the first visit — so search engines and social previews never see an English title on a translated page. A render-side gate holds a secondary-language page at 503 while its <title> is still untranslated, with a fail-open grace period so a title that never translates can’t strand the page.
Fix: homepage redirect loop on sites served over both www and non-www. Automatic language detection now reads the visitor’s current language from a host-agnostic signal instead of the rewritten request URI, so www. secondary-language pages no longer bounce in a redirect loop.
Fix: cookie-consent notice mistranslated in Urdu (ur) — the translation engine rendered “cookies” as پکوان (“food dishes”). A per-language term lock now forces the correct word (کوکیز) so the notice translates correctly, with a safeguard that falls back cleanly if the engine corrupts the protected term.
1.9.24
UI: fixed vertical alignment of dashicons inside admin buttons on the plugin settings page.
Doc: refreshed screenshots and captions for every plugin tab on the WordPress.org listing.
1.9.23
Fix: WooCommerce Blocks cart / checkout — product short descriptions now translate correctly. WC Blocks pre-renders the cart server-side via a hydration path that bypasses the REST response filter; the plugin now hooks woocommerce_hydration_request_after_callbacks so hydrated responses are translated alongside live Store API calls.
Fix: WooCommerce Blocks Summary truncation — product short descriptions in cart / checkout are no longer clipped to ~15 characters on locales whose WordPress translation breaks the Word count type. Do not translate! hint (e.g. pt_BR returning “palavras”). Both the server-side _x() value and the client-side wp.i18n translation file entry are now sanitised back to a valid value.
Fix: Store API translation — WC Blocks calls /wc/store/v1/* without a language URL prefix from the localized React bundle. The plugin now falls back to HTTP_REFERER to detect the visitor’s current language so Store API responses match the page they were requested from.
Doc: readme repositioned to make clear the plugin is free and fully usable in manual mode; the Transleti API (automatic translation) is now described as optional.
Doc: trial messaging updated to reflect that the 7-day API trial no longer requires a card or payment method. After the trial, the API stops automatically unless you subscribe and the plugin keeps working in manual mode for free.
1.9.22
Fix: per-language progress no longer gets stuck below 100% on mixed-script content. Dictionary rows now retire after 3 failed translation attempts (mirroring the existing gettext mechanism), so untranslatable strings stop blocking the percentage indicator.
1.9.21
Fix: visual editor — clicks on theme menu items (GeneratePress, Astra, Divi, Elementor Pro mega-menus, etc.) now open the translation panel reliably. Listener moved to window capture + pointerdown so theme menu togglers that call stopPropagation() can no longer swallow the selection click.
1.9.20
Fix: visual editor now detects menu items in Hebrew, Greek, Hindi, Thai, Georgian and Armenian (menu translation now bails during preview so the renderer can add translatable markers regardless of script).
Fix: visual editor — clicking on a string with duplicated text on the same page (e.g. a heading and a menu link with the same label) now opens the translation panel for the selected occurrence.
Fix: ignore RSS feed pubDate/lastBuildDate strings in the “stuck translations” notice.
Improvement: automatic cleanup of orphan sentence segments left over from long-paragraph batching.
1.9.x
New: visual translation editor — click any text in the rendered front-end and edit its translation in a live side panel. Works on menus, buttons, image alts and theme strings.
New: 49+ languages supported via the Transleti translation API.
New: HTML entity and shortcode protection across all translation entry points.
New: “Do not translate” word list (brand names, product codes, acronyms).
New: SEO meta translation for SEOPress, Yoast, AIOSEO and RankMath.
Compliance: wrapped language_has_translations() and find_original_slug() direct $wpdb probes with wp_cache_get / wp_cache_set (5-minute TTL, transleti cache group).
Compliance: documented every legitimate direct DB call against core meta tables with phpcs:ignore comments explaining why the existing core API can’t replace them.
1.4.2
Hardening: escaped flag-emoji output in the language switcher shortcode (render_switcher, render_language_list) via esc_html().
Hardening: every ob_start() callback buffer is now explicitly closed via a paired ob_end_flush() registered through register_shutdown_function() in the same function scope (frontend page buffer, AJAX response buffer, sitemap xhtml-namespace buffer).
1.2.1
Hardening: replaced fopen/fread/fclose with WP_Filesystem::get_contents() for the diagnostic log reader.
Hardening: switched all custom-table existence checks to $wpdb->prepare( ‘SHOW TABLES LIKE %s’, … ) (no more single-quote interpolation).
Hardening: switched several $_POST reads on HTML-bearing fields to wp_kses_post( wp_unslash( … ) ); integer reads now use absint( wp_unslash( … ) ).
Hardening: added explicit nonce checks (check_admin_referer/wp_nonce_url) to the string-export download link.
Compliance: removed redundant load_plugin_textdomain() call (WP 4.6+ auto-loads translations from the WP.org directory).
Compliance: documented every legitimate direct-DB query (custom plugin tables) with localised phpcs:disable/enable blocks.
1.2.0
Compliance: removed comparative/superlative marketing phrasing from the readme.
Hardening: all $_GET / $_POST / $_SERVER / $_COOKIE reads now go through wp_unslash() plus a context-appropriate sanitiser (sanitize_text_field, esc_url_raw).
Hardening: AJAX nonce check in ajax_empty_language() now unslashes and sanitises the nonce before passing it to wp_verify_nonce().
1.0.6
Removed redundant load_plugin_textdomain() call — translations are now auto-loaded by WordPress 4.6+ for plugins hosted in the directory.
Switched front-end language redirect from wp_redirect() to wp_safe_redirect() for additional protection against open-redirect attempts.
Defense-in-depth: explicit allowlist validation for the language storage key before SQL identifier interpolation in the cache-clearing endpoint.
Packaging: included a .pot template in languages/ so the Domain Path folder is present in the distributed package.
1.0.5
New: separate <url> entry per language in the sitemap, matching Google’s documented hreflang format.
