claude-plugin-wordpress-manager 1.4.0

package/skills/wp-audit/SKILL.md

@@ -0,0 +1,114 @@
+---
+name: wp-audit
+description: This skill should be used when the user asks to "audit my site", "security
+  check", "site health check", "performance check", "SEO audit", "check my WordPress",
+  "is my site secure", "why is my site slow", or mentions any form of WordPress site
+  assessment. Orchestrates security, performance, and SEO audits.
+version: 1.0.0
+---
+
+# WordPress Site Audit Skill
+
+## Overview
+
+Orchestrates comprehensive WordPress site audits across three dimensions: security, performance, and SEO. Can run targeted single-dimension audits or full assessments.
+
+## When to Use
+
+- User asks to audit, check, or assess their WordPress site
+- User reports security concerns or suspicious activity
+- User complains about slow site performance
+- User wants to improve search engine rankings
+- Before major deployments or migrations (pre-flight audit)
+
+## Audit Scope Decision Tree
+
+1. **What type of audit?**
+   - "security" / "is my site hacked?" / "vulnerabilities" → **Security audit only**
+   - "slow" / "performance" / "speed" / "PageSpeed" → **Performance audit only**
+   - "SEO" / "search ranking" / "Google" / "sitemap" → **SEO audit only**
+   - "full" / "audit" / "health check" / unspecified → **Full audit (all three)**
+
+2. **Which site?**
+   - Check `get_active_site` for current site
+   - If user specifies a site, use `switch_site` first
+   - If multiple sites requested, audit sequentially
+
+## Full Audit Workflow
+
+### Step 1: Establish Context
+1. Verify site connectivity via `discover_content_types`
+2. Confirm which site is being audited
+3. Note hosting type (Hostinger / other) for relevant checks
+
+### Step 2: Security Audit
+Delegate to **wp-security-auditor** agent or follow `references/security-checklist.md`:
+- Plugin vulnerability scan
+- User account audit
+- Content integrity check
+- DNS/SSL verification
+- Hosting configuration
+
+### Step 3: Performance Audit
+Delegate to **wp-performance-optimizer** agent or follow `references/performance-checklist.md`:
+- Plugin impact analysis
+- Caching assessment
+- Media optimization check
+- External performance test (PageSpeed)
+- Server configuration
+
+### Step 4: SEO Audit
+Follow `references/seo-checklist.md`:
+- Technical SEO (sitemap, robots.txt, canonical URLs)
+- On-page SEO sampling (meta descriptions, headings, slugs)
+- Content quality indicators
+- Structured data verification
+- Core Web Vitals (from performance phase)
+
+### Step 5: Generate Report
+Combine findings into a unified report with:
+- Overall health score (Critical/Warning/Good)
+- Prioritized action items across all dimensions
+- Quick wins vs long-term improvements
+- Estimated effort for each recommendation
+
+## Report Template
+
+```
+# WordPress Site Audit — [site-name]
+**Date:** [date] | **Scope:** [full/security/performance/seo]
+
+## Overall Health: [CRITICAL/WARNING/GOOD]
+
+| Dimension    | Score     | Critical | High | Medium | Low |
+|-------------|-----------|----------|------|--------|-----|
+| Security    | [status]  | X        | X    | X      | X   |
+| Performance | [status]  | X        | X    | X      | X   |
+| SEO         | [status]  | X        | X    | X      | X   |
+
+## Priority Actions
+1. [Most critical finding + fix]
+2. [Second priority + fix]
+3. [Third priority + fix]
+
+## Detailed Findings
+### Security
+[findings...]
+
+### Performance
+[findings...]
+
+### SEO
+[findings...]
+
+## Quick Wins (< 1 hour effort)
+- [action 1]
+- [action 2]
+```
+
+## Additional Resources
+
+### Reference Files
+- **`references/security-checklist.md`** - WordPress security audit checklist
+- **`references/performance-checklist.md`** - Performance analysis checklist
+- **`references/seo-checklist.md`** - SEO audit checklist

package/skills/wp-audit/references/performance-checklist.md

@@ -0,0 +1,113 @@
+# WordPress Performance Audit Checklist
+
+## 1. Plugin Analysis (HIGH IMPACT)
+
+### Checks
+- [ ] Count active plugins (target: < 20)
+- [ ] Identify known heavy plugins (page builders, social sharing, analytics suites)
+- [ ] Check for redundant plugins (multiple caching, multiple SEO, multiple security)
+- [ ] Identify plugins that load assets on every page (even where not needed)
+- [ ] Count inactive plugins (should be deleted, not just deactivated)
+
+### Known Heavy Plugins
+| Plugin | Impact | Alternative |
+|--------|--------|-------------|
+| Elementor Pro | High (CSS/JS on all pages) | Gutenberg / GenerateBlocks |
+| Jetpack (full) | High (many modules) | Individual lightweight alternatives |
+| Revolution Slider | High (heavy JS/CSS) | Lightweight slider or static hero |
+| WooCommerce | Medium-High (DB queries) | Necessary for e-commerce, optimize with caching |
+| WPML | Medium (DB overhead) | Polylang (lighter) |
+
+## 2. Caching Assessment (HIGH IMPACT)
+
+### Page Caching
+- [ ] Caching plugin active? (WP Rocket, LiteSpeed Cache, W3 Total Cache)
+- [ ] Page cache enabled?
+- [ ] Cache preloading enabled?
+- [ ] Cache exclusions properly configured? (cart, checkout, account pages)
+
+### Browser Caching
+- [ ] Expires headers set for static assets?
+- [ ] Cache-Control headers configured?
+- [ ] Target: images 1 year, CSS/JS 1 month
+
+### Object Caching
+- [ ] Redis or Memcached available on hosting?
+- [ ] Object cache drop-in installed?
+- [ ] Persistent object cache active?
+
+### CDN
+- [ ] CDN configured? (Cloudflare, StackPath, BunnyCDN)
+- [ ] Static assets served via CDN?
+- [ ] CDN cache hit rate acceptable? (>90%)
+
+## 3. Media Optimization (MEDIUM IMPACT)
+
+### Image Checks
+- [ ] WebP format used? (40-60% smaller than JPEG)
+- [ ] Images properly sized? (no 4000px images displayed at 800px)
+- [ ] Lazy loading implemented? (native `loading="lazy"` or plugin)
+- [ ] Responsive srcsets generated?
+- [ ] Largest image on homepage < 200KB?
+
+### Optimization Tools
+- ShortPixel, Imagify, or Smush for automatic compression
+- WebP Express for format conversion
+- Native WordPress 5.8+ generates WebP if supported
+
+## 4. Database Health (MEDIUM IMPACT)
+
+### Checks
+- [ ] Post revisions limited? (recommended: 3-5 max)
+- [ ] Spam comments cleaned? (should be 0)
+- [ ] Trashed items emptied?
+- [ ] Orphaned meta data cleaned?
+- [ ] Transients expired properly?
+- [ ] Autoloaded options size < 1MB?
+
+### wp-config.php Settings
+```php
+define('WP_POST_REVISIONS', 5);
+define('EMPTY_TRASH_DAYS', 7);
+define('AUTOSAVE_INTERVAL', 120);
+```
+
+## 5. Core Web Vitals (HIGH IMPACT for SEO)
+
+### LCP (Largest Contentful Paint) — Target < 2.5s
+- [ ] Hero image optimized and preloaded?
+- [ ] Critical CSS inlined or preloaded?
+- [ ] Server response time (TTFB) < 600ms?
+- [ ] No render-blocking resources above the fold?
+
+### INP (Interaction to Next Paint) — Target < 200ms
+- [ ] JavaScript execution time minimized?
+- [ ] Event handlers efficient?
+- [ ] Third-party scripts deferred?
+- [ ] No long tasks blocking main thread?
+
+### CLS (Cumulative Layout Shift) — Target < 0.1
+- [ ] Images/videos have explicit width/height?
+- [ ] Fonts preloaded (no FOUT/FOIT)?
+- [ ] No dynamically injected content above the fold?
+- [ ] Ad slots have reserved dimensions?
+
+## 6. Server Configuration (MEDIUM IMPACT)
+
+### Checks
+- [ ] PHP version >= 8.1 (8.2/8.3 preferred)
+- [ ] PHP memory limit >= 256MB
+- [ ] Max upload size appropriate
+- [ ] MySQL/MariaDB latest stable
+- [ ] HTTP/2 or HTTP/3 enabled
+- [ ] Gzip/Brotli compression enabled
+- [ ] Keep-alive connections enabled
+
+## 7. Theme Assessment (LOW-MEDIUM IMPACT)
+
+### Checks
+- [ ] Theme is lightweight? (< 1MB total assets)
+- [ ] Theme loads minimal CSS/JS?
+- [ ] Theme is well-coded? (no inline styles, proper enqueueing)
+- [ ] Child theme used? (no direct parent theme modifications)
+- [ ] Unused theme assets removed?

package/skills/wp-audit/references/security-checklist.md

@@ -0,0 +1,95 @@
+# WordPress Security Audit Checklist
+
+## 1. Plugin Security (CRITICAL)
+
+### Checks
+- [ ] List all active and inactive plugins
+- [ ] Verify each plugin is from a trusted source (WordPress.org, reputable vendor)
+- [ ] Check each plugin version against latest available
+- [ ] Search for known CVEs: `[plugin-name] WordPress vulnerability [year]`
+- [ ] Flag plugins not updated in > 12 months
+- [ ] Flag plugins with < 1,000 active installations
+- [ ] Count inactive plugins (should be 0 — delete unused)
+
+### Common Vulnerable Plugins (check specifically)
+- Contact Form 7: ensure latest version
+- WooCommerce: critical for e-commerce sites
+- Elementor: frequent security patches
+- Yoast SEO: moderate risk
+- WPForms: check version
+
+### Red Flags
+- Plugin from unknown/non-WordPress.org source
+- Plugin with no recent updates
+- Plugin requesting excessive permissions
+- Nulled/pirated premium plugins
+
+## 2. User Account Security (HIGH)
+
+### Checks
+- [ ] List all users with `list_users` (context: edit)
+- [ ] Count administrator accounts (should be 1-2 max)
+- [ ] Check for username "admin" (brute force target)
+- [ ] Check for generic usernames (test, demo, admin1)
+- [ ] Verify email addresses are valid and unique
+- [ ] Review user roles (principle of least privilege)
+- [ ] Identify dormant accounts (no posts, no recent login)
+
+### Role Guidelines
+| Role | Who Should Have It |
+|------|-------------------|
+| Administrator | Site owner only (1-2 max) |
+| Editor | Content managers |
+| Author | Regular content creators |
+| Contributor | Guest writers |
+| Subscriber | Registered users |
+
+## 3. Content Integrity (MEDIUM)
+
+### Checks
+- [ ] Review recently modified pages for injected content
+- [ ] Search for suspicious HTML: `<iframe`, `<script`, `eval(`, `base64_decode`
+- [ ] Check for hidden SEO spam (invisible links, cloaked content)
+- [ ] Review comments for spam injection
+- [ ] Check for unauthorized new user accounts
+- [ ] Verify no unexpected custom post types exist
+
+## 4. DNS and Email Security (MEDIUM)
+
+### Checks
+- [ ] SPF record exists: `v=spf1 ... -all`
+- [ ] DKIM record configured
+- [ ] DMARC policy set: `v=DMARC1; p=quarantine` (minimum)
+- [ ] No unexpected A/CNAME records pointing elsewhere
+- [ ] MX records pointing to expected mail server
+- [ ] SSL certificate valid and not expiring soon
+
+## 5. Server Configuration (LOW-MEDIUM)
+
+### Checks (SSH required)
+- [ ] PHP version >= 8.1
+- [ ] wp-config.php permissions: 440 or 400
+- [ ] WP_DEBUG set to false in production
+- [ ] Database table prefix is NOT `wp_`
+- [ ] File editing disabled: `DISALLOW_FILE_EDIT = true`
+- [ ] Directory listing disabled
+- [ ] .htaccess contains security headers
+- [ ] XML-RPC disabled if not needed
+
+### Recommended wp-config.php Settings
+```php
+define('DISALLOW_FILE_EDIT', true);
+define('WP_DEBUG', false);
+define('WP_DEBUG_LOG', false);
+define('WP_DEBUG_DISPLAY', false);
+define('FORCE_SSL_ADMIN', true);
+```
+
+### Recommended .htaccess Security Headers
+```apache
+Header set X-Content-Type-Options "nosniff"
+Header set X-Frame-Options "SAMEORIGIN"
+Header set X-XSS-Protection "1; mode=block"
+Header set Referrer-Policy "strict-origin-when-cross-origin"
+Header set Content-Security-Policy "upgrade-insecure-requests"
+```

package/skills/wp-audit/references/seo-checklist.md

@@ -0,0 +1,128 @@
+# WordPress SEO Audit Checklist
+
+## 1. Technical SEO (CRITICAL)
+
+### Crawlability
+- [ ] robots.txt exists and is valid (`/robots.txt`)
+- [ ] robots.txt allows search engine crawling of key content
+- [ ] XML sitemap exists and is submitted to Google Search Console
+- [ ] Sitemap includes all important pages and posts
+- [ ] No unintentional `noindex` directives on key pages
+- [ ] No orphaned pages (pages with no internal links)
+
+### Indexability
+- [ ] Site is not set to "Discourage search engines" (Settings > Reading)
+- [ ] Important pages return HTTP 200
+- [ ] No duplicate content issues (www vs non-www, HTTP vs HTTPS)
+- [ ] Canonical URLs properly set on all pages
+- [ ] Pagination handled with rel=next/prev or load-more
+
+### URL Structure
+- [ ] Permalinks set to post name (`/%postname%/`)
+- [ ] URLs are clean (no query parameters for content pages)
+- [ ] Slugs are descriptive and include keywords
+- [ ] No excessively long URLs (target < 75 characters)
+- [ ] 301 redirects in place for changed URLs
+
+## 2. On-Page SEO Sampling (HIGH)
+
+### Meta Data (sample 10 most important pages)
+- [ ] Title tag present and unique (50-60 chars)
+- [ ] Title includes primary keyword
+- [ ] Meta description present and unique (120-160 chars)
+- [ ] Meta description includes keyword and CTA
+- [ ] Open Graph tags present (og:title, og:description, og:image)
+- [ ] Twitter Card tags present
+
+### Content Structure
+- [ ] Single H1 per page
+- [ ] H2/H3 hierarchy logical (no skipped levels)
+- [ ] Primary keyword in H1
+- [ ] Secondary keywords in H2/H3
+- [ ] Alt text on all images
+- [ ] Internal links present (2-3 per page minimum)
+- [ ] External links to authoritative sources
+
+### Content Quality
+- [ ] No thin content pages (< 300 words for blog posts)
+- [ ] No duplicate content across pages
+- [ ] Content freshness (key pages updated within last 6 months)
+- [ ] E-E-A-T signals present (author bios, credentials, sources)
+
+## 3. Structured Data (MEDIUM)
+
+### Checks
+- [ ] Organization schema on homepage
+- [ ] BreadcrumbList schema on inner pages
+- [ ] Article schema on blog posts
+- [ ] Product schema on product pages (if e-commerce)
+- [ ] FAQ schema where applicable
+- [ ] LocalBusiness schema (if local business)
+- [ ] Validate with Google Rich Results Test
+
+### Common WordPress Schema Implementations
+- Yoast SEO: automatic schema generation
+- Rank Math: schema module
+- Schema Pro: dedicated schema plugin
+- Manual: JSON-LD in theme header
+
+## 4. Site Performance (for SEO — see also Performance Checklist)
+
+### Core Web Vitals Impact on SEO
+- [ ] LCP < 2.5s (ranking factor since 2021)
+- [ ] INP < 200ms
+- [ ] CLS < 0.1
+- [ ] Mobile-friendly (responsive design)
+- [ ] HTTPS enabled (ranking signal)
+
+### Mobile SEO
+- [ ] Mobile responsive design (no separate mobile site)
+- [ ] Touch targets >= 48px
+- [ ] Font size >= 16px on mobile
+- [ ] No horizontal scrolling
+- [ ] Mobile page speed acceptable
+
+## 5. Local SEO (if applicable)
+
+### Checks
+- [ ] Google Business Profile claimed and optimized
+- [ ] NAP consistency (Name, Address, Phone) across site
+- [ ] LocalBusiness schema with accurate data
+- [ ] Location pages for each service area
+- [ ] Google Maps embed on contact page
+- [ ] Local keywords in title tags and content
+
+## 6. Content Architecture (MEDIUM)
+
+### Taxonomy Assessment
+- [ ] Categories are logical and not too deep (max 2 levels)
+- [ ] No empty categories
+- [ ] No single-post categories (merge or expand)
+- [ ] Tags are used consistently
+- [ ] Taxonomy pages have custom descriptions (not blank)
+- [ ] Category/tag archive pages are indexable
+
+### Internal Linking
+- [ ] Homepage links to key category/pillar pages
+- [ ] Pillar pages link to related cluster content
+- [ ] New content links to existing related content
+- [ ] No broken internal links (404s)
+- [ ] Anchor text is descriptive (not "click here")
+
+## 7. WordPress-Specific SEO Settings
+
+### SEO Plugin Configuration (Yoast/Rank Math/All in One SEO)
+- [ ] XML sitemap enabled and valid
+- [ ] Social profiles configured
+- [ ] Breadcrumbs enabled
+- [ ] Author archives: enabled or disabled intentionally
+- [ ] Date archives: disabled (usually thin content)
+- [ ] Tag archives: noindex if thin content
+- [ ] Media attachment pages: redirected to parent post
+
+### WordPress Settings
+- [ ] Site title and tagline set properly
+- [ ] Permalinks: post name structure
+- [ ] Reading settings: posts page and homepage set correctly
+- [ ] Discussion: comment moderation enabled
+- [ ] Search engine visibility: "Do not discourage" checked

package/skills/wp-backup/SKILL.md

@@ -0,0 +1,87 @@
+---
+name: wp-backup
+description: This skill should be used when the user asks to "backup my site", "create
+  a backup", "restore my site", "disaster recovery", "snapshot", or mentions any form
+  of WordPress backup or restore operation. Provides backup strategies for different
+  hosting environments.
+version: 1.0.0
+---
+
+# WordPress Backup & Recovery Skill
+
+## Overview
+
+Provides comprehensive backup and disaster recovery workflows for WordPress sites. Supports Hostinger-managed backups, SSH-based backups, and content-only exports via API.
+
+## When to Use
+
+- User wants to create a site backup
+- User needs to restore from a backup
+- Before major operations (deploy, migrate, update, plugin changes)
+- User asks about disaster recovery planning
+- Scheduled backup strategy setup
+
+## Backup Method Decision Tree
+
+1. **What hosting type?**
+   - Hostinger VPS → VPS snapshot + file/DB backup
+   - Hostinger shared → File/DB backup via SSH
+   - Other hosting with SSH → SSH-based backup
+   - No SSH access → Content-only export via API
+
+2. **What scope?**
+   - Full site (files + database) → Recommended for disaster recovery
+   - Database only → For content/settings backup
+   - Content only (via API) → For content portability
+   - wp-content only → For themes/plugins/uploads
+
+## Backup Workflow
+
+### Full Site Backup (SSH)
+1. Connect via SSH to the server
+2. Export database: `mysqldump`
+3. Archive wp-content: `tar -czf`
+4. Optionally archive full WordPress root
+5. Download backup files
+6. Verify backup integrity (check file sizes, test extraction)
+7. Store in a safe location
+
+### Content-Only Backup (API)
+1. Use `list_content` to enumerate all content types
+2. Export posts, pages, custom content as JSON
+3. Export taxonomies (categories, tags)
+4. Export media metadata (and optionally download files)
+5. Store as structured JSON backup
+
+### Pre-Operation Backup
+Before any risky operation (deploy, update, migration):
+1. Quick database backup via SSH
+2. Note current plugin versions via `list_plugins`
+3. Document current site state
+4. Proceed with operation only after backup confirmed
+
+## Restore Workflow
+
+1. **Confirm with user**: Restore overwrites current state
+2. **Verify backup**: Check backup files are complete and valid
+3. **Choose method**:
+   - Hostinger: `hosting_importWordpressWebsite` with archive + SQL
+   - SSH: Upload files + import database
+   - API: Re-create content via `create_content`
+4. **Execute restore**
+5. **Verify**: Check site loads, content intact, plugins working
+6. **Clear caches**: Flush all caching layers
+
+## Safety Rules
+
+- ALWAYS confirm with user before restoring (destructive operation)
+- NEVER delete old backups until new backup is verified
+- Keep minimum 3 rolling backups when possible
+- Test restore procedure periodically (don't just create backups)
+- Store backups off-site (not only on the same server)
+
+## Additional Resources
+
+### Reference Files
+- **`references/backup-strategies.md`** - Detailed backup methods and automation
+- **`references/restore-procedures.md`** - Step-by-step restore procedures

package/skills/wp-backup/references/backup-strategies.md

@@ -0,0 +1,116 @@
+# WordPress Backup Strategies
+
+## Full Site Backup via SSH
+
+### Database Export
+```bash
+# Standard mysqldump
+ssh user@host 'mysqldump -u [db_user] -p[db_pass] [db_name] > /tmp/db-backup-$(date +%Y%m%d).sql'
+
+# Compressed
+ssh user@host 'mysqldump -u [db_user] -p[db_pass] [db_name] | gzip > /tmp/db-backup-$(date +%Y%m%d).sql.gz'
+
+# Using wp-cli (if available)
+ssh user@host 'cd /path/to/wordpress && wp db export /tmp/db-backup-$(date +%Y%m%d).sql'
+```
+
+### File Backup
+```bash
+# Full WordPress backup
+ssh user@host 'tar -czf /tmp/wp-full-$(date +%Y%m%d).tar.gz -C /path/to/wordpress .'
+
+# wp-content only (faster, smaller)
+ssh user@host 'tar -czf /tmp/wp-content-$(date +%Y%m%d).tar.gz -C /path/to/wordpress/wp-content .'
+
+# Uploads only (media files)
+ssh user@host 'tar -czf /tmp/uploads-$(date +%Y%m%d).tar.gz -C /path/to/wordpress/wp-content/uploads .'
+```
+
+### Download to Local
+```bash
+# Download backup files
+scp user@host:/tmp/db-backup-*.sql.gz ./backups/
+scp user@host:/tmp/wp-content-*.tar.gz ./backups/
+
+# Clean up server-side temp files
+ssh user@host 'rm /tmp/db-backup-*.sql.gz /tmp/wp-content-*.tar.gz'
+```
+
+## Hostinger-Specific Paths
+
+```bash
+# Database credentials from wp-config.php
+ssh user@host "grep -E 'DB_(NAME|USER|PASSWORD|HOST)' /home/[user]/htdocs/[domain]/wp-config.php"
+
+# Typical Hostinger paths
+WP_ROOT="/home/[username]/htdocs/[domain]"
+WP_CONTENT="$WP_ROOT/wp-content"
+```
+
+## Backup Retention Strategy
+
+### Recommended Schedule
+| Type | Frequency | Retention | Method |
+|------|-----------|-----------|--------|
+| Database | Daily | 7 days | Automated cron + mysqldump |
+| Files | Weekly | 4 weeks | tar + cron |
+| Full site | Monthly | 3 months | Full archive |
+| Pre-deploy | Before each deploy | Until next deploy verified | Manual |
+
+### Storage Locations
+1. **On-server**: Quick restore, but lost if server fails
+2. **Off-server**: Download via SCP to local or cloud storage
+3. **Cloud storage**: S3, Google Cloud Storage, Backblaze B2
+4. **Multiple locations**: Best practice — keep at least 2 copies in different locations
+
+## Backup Verification
+
+After creating a backup, always verify:
+
+1. **File size check**: Backup should be non-zero and reasonable size
+   ```bash
+   ls -lh /tmp/db-backup-*.sql.gz  # DB should be at least a few MB
+   ls -lh /tmp/wp-content-*.tar.gz  # Content varies, usually 100MB+
+   ```
+
+2. **Integrity check**: Test extraction
+   ```bash
+   # Test tar archive
+   tar -tzf backup.tar.gz > /dev/null && echo "Archive OK"
+
+   # Test SQL file (check first/last lines)
+   zcat backup.sql.gz | head -5
+   zcat backup.sql.gz | tail -5
+   ```
+
+3. **Restore test** (periodic): Restore to a staging environment to verify full recoverability.
+
+## Automated Backup Script
+
+```bash
+#!/bin/bash
+# wp-backup.sh — automated WordPress backup
+# Usage: ./wp-backup.sh user@host /path/to/wordpress
+
+SSH_TARGET=$1
+WP_PATH=$2
+DATE=$(date +%Y%m%d_%H%M)
+BACKUP_DIR="./backups/$DATE"
+
+mkdir -p "$BACKUP_DIR"
+
+# Get DB credentials
+DB_NAME=$(ssh $SSH_TARGET "grep DB_NAME $WP_PATH/wp-config.php | cut -d \"'\" -f4")
+DB_USER=$(ssh $SSH_TARGET "grep DB_USER $WP_PATH/wp-config.php | cut -d \"'\" -f4")
+DB_PASS=$(ssh $SSH_TARGET "grep DB_PASSWORD $WP_PATH/wp-config.php | cut -d \"'\" -f4")
+
+# Database backup
+ssh $SSH_TARGET "mysqldump -u $DB_USER -p'$DB_PASS' $DB_NAME | gzip" > "$BACKUP_DIR/database.sql.gz"
+
+# Files backup
+ssh $SSH_TARGET "tar -czf - -C $WP_PATH/wp-content ." > "$BACKUP_DIR/wp-content.tar.gz"
+
+# Verify
+echo "Backup created in $BACKUP_DIR"
+ls -lh "$BACKUP_DIR/"
+```