claude-plugin-wordpress-manager 2.1.0 → 2.2.0

package/skills/wp-content-repurposing/scripts/repurposing_inspect.mjs

@@ -0,0 +1,140 @@
+/**
+ * repurposing_inspect.mjs — Detect content repurposing readiness for WordPress projects.
+ *
+ * Scans for existing content volume, social media plugins, and email marketing
+ * integrations to assess repurposing potential.
+ *
+ * Usage:
+ *   node repurposing_inspect.mjs [--cwd=/path/to/project]
+ *
+ * Exit codes:
+ *   0 — repurposing-relevant configuration found
+ *   1 — no relevant configuration found
+ */
+
+import { readFileSync, existsSync, readdirSync } from 'node:fs';
+import { join, resolve } from 'node:path';
+import { argv, stdout, exit } from 'node:process';
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function readFileSafe(filePath) {
+  try { return readFileSync(filePath, 'utf-8'); } catch { return null; }
+}
+
+function existsSafe(filePath) {
+  try { return existsSync(filePath); } catch { return false; }
+}
+
+function globDir(dirPath) {
+  try { return readdirSync(dirPath); } catch { return []; }
+}
+
+// ---------------------------------------------------------------------------
+// Detectors
+// ---------------------------------------------------------------------------
+
+function detectSocialPlugins(cwd) {
+  const indicators = [];
+  const plugins = globDir(join(cwd, 'wp-content', 'plugins'));
+  const socialPlugins = [
+    'jetpack', 'blog2social', 'social-auto-poster', 'nextscripts-social',
+    'revive-old-posts', 'social-warfare', 'monarch', 'shareaholic',
+    'add-to-any', 'social-snap', 'novashare',
+  ];
+
+  for (const plugin of plugins) {
+    if (socialPlugins.some(sp => plugin.toLowerCase().includes(sp))) {
+      indicators.push(`social_plugin: ${plugin}`);
+    }
+  }
+
+  return { found: indicators.length > 0, indicators };
+}
+
+function detectEmailPlugins(cwd) {
+  const indicators = [];
+  const plugins = globDir(join(cwd, 'wp-content', 'plugins'));
+  const emailPlugins = [
+    'mailchimp', 'newsletter', 'mailpoet', 'convertkit', 'sendinblue',
+    'brevo', 'constant-contact', 'hubspot', 'activecampaign', 'fluentcrm',
+  ];
+
+  for (const plugin of plugins) {
+    if (emailPlugins.some(ep => plugin.toLowerCase().includes(ep))) {
+      indicators.push(`email_plugin: ${plugin}`);
+    }
+  }
+
+  return { found: indicators.length > 0, indicators };
+}
+
+function detectContentVolume(cwd) {
+  const indicators = [];
+
+  // Check for wp-content/themes (WordPress presence indicator)
+  if (existsSafe(join(cwd, 'wp-content', 'themes'))) {
+    indicators.push('wordpress_detected');
+  }
+
+  // Check for XML export files (content volume indicator)
+  const rootFiles = globDir(cwd);
+  for (const file of rootFiles) {
+    if (/\.xml$/i.test(file) && /export|wordpress/i.test(file)) {
+      indicators.push(`xml_export: ${file}`);
+    }
+  }
+
+  return { found: indicators.length > 0, indicators };
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+function main() {
+  const cwdArg = argv.find(a => a.startsWith('--cwd='));
+  const cwd = cwdArg ? resolve(cwdArg.split('=')[1]) : process.cwd();
+
+  const social = detectSocialPlugins(cwd);
+  const email = detectEmailPlugins(cwd);
+  const content = detectContentVolume(cwd);
+
+  const hasRelevantSetup = social.found || email.found || content.found;
+
+  const recommendations = [];
+
+  if (!social.found) {
+    recommendations.push('No social media plugins detected — consider Blog2Social or Jetpack Social for automated sharing');
+  }
+  if (!email.found) {
+    recommendations.push('No email marketing plugins detected — consider MailPoet or FluentCRM for newsletter integration');
+  }
+  if (content.found) {
+    recommendations.push('WordPress content detected — use wp-content-strategist agent to select and repurpose existing content');
+  }
+  if (social.found && email.found) {
+    recommendations.push('Social + email plugins detected — ideal setup for multi-channel content repurposing');
+  }
+
+  const report = {
+    tool: 'repurposing_inspect',
+    version: '1.0.0',
+    timestamp: new Date().toISOString(),
+    cwd,
+    found: hasRelevantSetup,
+    areas: {
+      social_plugins: social,
+      email_plugins: email,
+      content_volume: content,
+    },
+    recommendations,
+  };
+
+  stdout.write(JSON.stringify(report, null, 2) + '\n');
+  exit(hasRelevantSetup ? 0 : 1);
+}
+
+main();

package/skills/wp-headless/SKILL.md

@@ -166,3 +166,4 @@ Read: `references/webhooks.md`
 - Astro WordPress integration: https://docs.astro.build/en/guides/cms/wordpress/
 - For REST endpoint development, use the `wp-rest-api` skill
 - For authentication security, use the `wp-security` skill
+- For webhook configuration and management, use the `wp-webhooks` skill

package/skills/wp-monitoring/SKILL.md

@@ -3,8 +3,9 @@ name: wp-monitoring
 description: This skill should be used when the user asks to "monitor my site", "set up
   uptime checks", "performance baseline", "health report", "security scanning schedule",
   "content integrity check", "alerting", "reporting", "trend analysis", "is my site up",
-  "site health over time", or mentions any form of ongoing WordPress monitoring and
-  observability. Orchestrates uptime, performance, security, and content monitoring.
+  "site health over time", "fleet monitoring", "all sites", "cross-site comparison",
+  "network health", or mentions any form of ongoing WordPress monitoring and
+  observability. Orchestrates uptime, performance, security, content, and fleet monitoring.
 version: 1.0.0
 ---
 
@@ -40,6 +41,7 @@ Provides strategies and procedures for continuous WordPress monitoring across fi
    - "content changed" / "broken links" / "spam" → Content integrity (Section 4)
    - "alert me" / "notify" / "threshold" → Alerting strategies (Section 5)
    - "report" / "weekly summary" / "dashboard" → Reporting templates (Section 6)
+   - "fleet" / "all sites" / "network health" / "cross-site" → Fleet monitoring (Section 7)
    - "full monitoring" / "set up everything" → All sections, start with detection
 
 2. **Run detection first:**
@@ -98,6 +100,13 @@ See `references/reporting-templates.md`
 - Quarterly trend analysis
 - Executive dashboard format
 
+### Section 7: Fleet Monitoring
+See `references/fleet-monitoring.md`
+- Cross-site health iteration using `list_sites` + `switch_site`
+- Fleet-wide pattern detection (correlated issues)
+- Fleet comparison reports
+- Site grouping and fleet baselines
+
 ## Reference Files
 
 | File | Content |
@@ -108,6 +117,7 @@ See `references/reporting-templates.md`
 | `references/content-integrity.md` | Change detection, link checking, spam |
 | `references/alerting-strategies.md` | Thresholds, escalation, notification channels |
 | `references/reporting-templates.md` | Daily/weekly/monthly report templates |
+| `references/fleet-monitoring.md` | Fleet iteration, cross-site comparison, fleet reports |
 
 ## Recommended Agent
 

package/skills/wp-monitoring/references/fleet-monitoring.md

@@ -0,0 +1,160 @@
+# Fleet Monitoring
+
+## Overview
+
+Fleet monitoring extends single-site health checks to multiple WordPress installations. Instead of monitoring one site at a time, fleet monitoring iterates over all configured sites, collects per-site metrics, and aggregates them into a unified fleet view for cross-site comparison and pattern detection.
+
+## Core Concept
+
+```
+# Fleet iteration pattern using MCP tools
+for site in $(list_sites); do
+  switch_site $site
+  # run monitoring procedures...
+done
+```
+
+The fleet approach enables:
+- **Aggregate visibility** — see all sites' health at a glance
+- **Cross-site comparison** — identify outliers and common issues
+- **Pattern detection** — spot correlated problems across the fleet
+- **Fleet baselines** — track fleet-wide averages over time
+
+## Fleet Health Report Template
+
+```
+## Fleet Health Report
+**Date:** [date] | **Sites:** [count] | **Scope:** [full / quick]
+
+### Fleet Overview
+| Site | Uptime | Performance | Security | Content | Overall |
+|------|--------|-------------|----------|---------|---------|
+| [site-1] | [pass/warn/fail] | [pass/warn/fail] | [pass/warn/fail] | [pass/warn/fail] | [pass/warn/fail] |
+| [site-2] | [pass/warn/fail] | [pass/warn/fail] | [pass/warn/fail] | [pass/warn/fail] | [pass/warn/fail] |
+
+### Fleet Summary
+- **Healthy sites:** X/N
+- **Degraded sites:** X/N (list)
+- **Critical sites:** X/N (list)
+
+### Cross-Site Patterns
+[findings or "No cross-site patterns detected"]
+
+### Fleet Recommendations (Priority Order)
+1. [Fleet-wide action]
+2. [Site-specific action]
+```
+
+## Cross-Site Pattern Detection
+
+Fleet monitoring's key advantage is detecting patterns invisible at the single-site level:
+
+### Same Plugin Vulnerability Across Sites
+- If a vulnerable plugin version appears on multiple sites, escalate as a fleet-wide P0
+- Prioritize patching by exposure (public-facing sites first)
+
+### Fleet-Wide Performance Regression
+- Correlated TTFB spikes across sites on the same host suggest a hosting or CDN issue
+- Compare performance deltas: if all sites regress simultaneously, root cause is likely shared infrastructure
+
+### Identical Outdated WordPress Core Versions
+- Track core version across the fleet
+- Flag sites running the same outdated version for batch updates
+
+### Common Configuration Drift
+- Compare wp-config.php settings across sites
+- Detect inconsistencies in debug settings, cron configuration, or security constants
+- Flag sites that have drifted from the fleet baseline
+
+## Fleet Baseline
+
+### Capturing Baselines
+
+Establish a baseline for each site individually, then compute fleet averages:
+
+1. **Per-site baseline**: Run Procedures 3-6 for each site, recording all metrics with timestamps
+2. **Fleet averages**: Calculate mean/median for key metrics (TTFB, LCP, plugin count, admin users)
+3. **Fleet thresholds**: Set fleet-wide thresholds based on averages + acceptable deviation
+
+### Tracking Fleet Averages
+
+| Metric | Fleet Avg | Fleet Median | Best | Worst | Threshold |
+|--------|-----------|--------------|------|-------|-----------|
+| TTFB | Xms | Xms | [site] Xms | [site] Xms | < 600ms |
+| LCP | X.Xs | X.Xs | [site] X.Xs | [site] X.Xs | < 2.5s |
+| Active Plugins | X | X | [site] X | [site] X | < 20 |
+| Admin Users | X | X | [site] X | [site] X | varies |
+
+### Baseline Refresh
+
+- Refresh individual site baselines monthly
+- Recalculate fleet averages after each refresh
+- Flag sites that deviate > 20% from fleet average
+
+## Site Grouping Strategies
+
+Organize fleet sites into logical groups for targeted monitoring and reporting:
+
+### By Environment
+| Group | Description | Monitoring Frequency |
+|-------|-------------|---------------------|
+| Production | Live customer-facing sites | Every 5 minutes (uptime), daily (full) |
+| Staging | Pre-production testing | Hourly (uptime), weekly (full) |
+| Development | Local/dev environments | On-demand only |
+
+### By Purpose
+| Group | Description | Focus Areas |
+|-------|-------------|-------------|
+| Blog | Content-heavy editorial sites | Content integrity, SEO health |
+| Shop | WooCommerce e-commerce sites | Uptime, performance, security |
+| Landing | Marketing landing pages | Uptime, performance |
+| Corporate | Company information sites | Content integrity, security |
+
+### By Hosting
+| Group | Description | Pattern Detection |
+|-------|-------------|-------------------|
+| Shared Host A | Sites on same shared hosting | Correlated performance issues |
+| VPS Cluster | Sites on same VPS | Resource contention detection |
+| Managed WP | Sites on managed WordPress hosting | Provider-specific issue detection |
+
+## Scheduling: Fleet Scan Frequency
+
+| Scan Type | Frequency | Scope | Duration Estimate |
+|-----------|-----------|-------|-------------------|
+| Quick uptime | Every 5 min | HTTP status + response time | ~2s per site |
+| Standard health | Daily | Uptime + performance + security | ~30s per site |
+| Full fleet audit | Weekly | All procedures (3-6) per site | ~2min per site |
+| Baseline refresh | Monthly | Full audit + baseline update | ~3min per site |
+
+### Scheduling Recommendations
+- Stagger scans to avoid overwhelming shared infrastructure
+- Run quick uptime checks in parallel; full audits sequentially
+- Schedule full audits during low-traffic windows
+- Allow 10% buffer time for network delays
+
+## Escalation: Fleet-Wide P0
+
+A fleet-wide P0 is triggered when multiple sites are affected simultaneously:
+
+### P0 Criteria
+- **3+ production sites** with the same critical issue
+- **All sites on a host** showing performance degradation > 50%
+- **Known exploited vulnerability** present on any production site
+- **Data breach indicators** on any site
+
+### P0 Response Procedure
+1. **Immediate**: Alert all stakeholders (do not wait for full fleet scan to complete)
+2. **Triage**: Identify affected sites and group by root cause
+3. **Isolate**: If security incident, recommend isolating affected sites
+4. **Delegate**: Hand off to `wp-security-auditor` (security) or `wp-site-manager` (infrastructure)
+5. **Track**: Monitor remediation progress across all affected sites
+6. **Post-mortem**: After resolution, update fleet baselines and document findings
+
+### Severity Matrix
+| Affected Sites | Impact | Severity |
+|----------------|--------|----------|
+| 1 site, non-production | Low | P3 |
+| 1 production site | Medium | P2 |
+| 2 production sites | High | P1 |
+| 3+ production sites | Critical | P0 |
+| All sites (any env) | Critical | P0 |

package/skills/wp-monitoring/scripts/monitoring_inspect.mjs

@@ -193,6 +193,52 @@ function detectContentIntegrity(cwd) {
   return indicators.length > 0 ? { found: true, indicators } : { found: false };
 }
 
+function detectFleetConfiguration() {
+  const indicators = [];
+
+  // Check WP_SITES_CONFIG environment variable
+  const sitesConfig = process.env.WP_SITES_CONFIG;
+  if (sitesConfig) {
+    try {
+      const sites = JSON.parse(sitesConfig);
+      if (Array.isArray(sites) && sites.length > 1) {
+        indicators.push(`multi_site_config: ${sites.length} sites`);
+      } else if (Array.isArray(sites) && sites.length === 1) {
+        indicators.push('single_site_config');
+      }
+    } catch {
+      // Not valid JSON, might be a file path
+      indicators.push('sites_config_present');
+    }
+  }
+
+  // Check for sites.json file
+  if (existsSafe(join(process.cwd(), 'sites.json'))) {
+    const content = readFileSafe(join(process.cwd(), 'sites.json'));
+    if (content) {
+      try {
+        const sites = JSON.parse(content);
+        if (Array.isArray(sites) && sites.length > 1) {
+          indicators.push(`sites_json: ${sites.length} sites`);
+        }
+      } catch { /* ignore */ }
+    }
+  }
+
+  const siteCount = indicators.find(i => i.startsWith('multi_site_config'))
+    ? parseInt(indicators.find(i => i.startsWith('multi_site_config')).split(': ')[1])
+    : indicators.find(i => i.startsWith('sites_json'))
+      ? parseInt(indicators.find(i => i.startsWith('sites_json')).split(': ')[1])
+      : 0;
+
+  return {
+    found: indicators.length > 0,
+    indicators,
+    site_count: siteCount,
+    fleet_monitoring_possible: siteCount > 1,
+  };
+}
+
 // ---------------------------------------------------------------------------
 // Main
 // ---------------------------------------------------------------------------
@@ -206,8 +252,9 @@ function main() {
   const security = detectSecurityScanning(cwd);
   const logging = detectLogging(cwd);
   const contentIntegrity = detectContentIntegrity(cwd);
+  const fleet = detectFleetConfiguration();
 
-  const hasMonitoring = uptime.found || performance.found || security.found || logging.found || contentIntegrity.found;
+  const hasMonitoring = uptime.found || performance.found || security.found || logging.found || contentIntegrity.found || fleet.found;
 
   const recommendations = [];
 
@@ -232,6 +279,11 @@ function main() {
   if (logging.found && logging.indicators.includes('debug_log_exists')) {
     recommendations.push('debug.log file exists — ensure it is not publicly accessible');
   }
+  if (fleet.fleet_monitoring_possible) {
+    recommendations.push(`Fleet monitoring available — ${fleet.site_count} sites configured. Use Procedure 7 for cross-site health checks.`);
+  } else if (!fleet.found) {
+    recommendations.push('No multi-site configuration detected — configure WP_SITES_CONFIG with multiple sites for fleet monitoring');
+  }
   if (!hasMonitoring) {
     recommendations.push('No monitoring setup found — use wp-monitoring skill to establish a baseline');
   }
@@ -248,6 +300,7 @@ function main() {
       security,
       logging,
       content_integrity: contentIntegrity,
+      fleet,
     },
     recommendations,
   };

package/skills/wp-webhooks/SKILL.md

@@ -0,0 +1,107 @@
+---
+name: wp-webhooks
+description: This skill should be used when the user asks to "set up webhooks",
+  "notify external service on publish", "connect WordPress to Zapier",
+  "webhook integration", "event notifications", "content sync webhook",
+  "WooCommerce webhook", "outbound notifications", or mentions automating
+  WordPress event propagation to external services.
+version: 1.0.0
+---
+
+# WordPress Webhooks Skill
+
+## Overview
+
+WordPress webhooks are outbound HTTP notifications triggered by site events. When content is published, an order is placed, or a user registers, WordPress sends a JSON payload to a configured URL. This enables real-time integration with external services without polling.
+
+## When to Use
+
+- User wants WordPress to notify external services on content/order/user events
+- User needs to connect WordPress to Zapier, Make (Integromat), or n8n
+- User wants WooCommerce order/product event notifications
+- User needs headless CMS revalidation webhooks
+- User asks about webhook security (secrets, signatures)
+
+## Webhooks vs REST API Polling
+
+| Approach | Webhooks | Polling |
+|----------|----------|---------|
+| Trigger | Event-driven (push) | Schedule-driven (pull) |
+| Latency | Near real-time | Depends on interval |
+| Resource usage | Low (only on events) | High (constant requests) |
+| Reliability | Needs retry logic | Simple but wasteful |
+| Best for | Integrations, sync | Batch processing |
+
+## Decision Tree
+
+1. **What kind of webhook?**
+   - "WooCommerce webhook" / "order notification" / "product webhook" → WooCommerce webhooks (Section 1)
+   - "content published" / "post webhook" / "page updated" → WordPress core webhooks (Section 2)
+   - "headless revalidation" / "ISR trigger" / "cache invalidation" → Headless webhooks (Section 3)
+   - "Zapier" / "Make" / "n8n" / "Slack notification" → Integration recipes (Section 4)
+   - "webhook security" / "secret" / "signature" → Webhook security (Section 5)
+
+2. **Run detection first:**
+   ```bash
+   node skills/wp-webhooks/scripts/webhook_inspect.mjs [--cwd=/path/to/project]
+   ```
+   This identifies existing webhook configurations and plugins.
+
+## Webhook Areas
+
+### Section 1: WooCommerce Webhooks
+See `references/woocommerce-webhooks.md`
+- WooCommerce webhook API (wc/v3/webhooks)
+- Available topics: order.created, product.updated, customer.created, etc.
+- MCP tools: `wc_list_webhooks`, `wc_create_webhook`, `wc_update_webhook`, `wc_delete_webhook`
+- Webhook status management and delivery logs
+
+### Section 2: WordPress Core Webhooks
+See `references/wordpress-core-webhooks.md`
+- Action hooks for outbound notifications (mu-plugin approach)
+- Key hooks: `transition_post_status`, `edited_term`, `user_register`
+- `wp_remote_post()` usage patterns
+- wp-config.php constants for webhook URLs
+
+### Section 3: Headless Webhooks
+Cross-reference: `wp-headless` skill → `references/webhooks.md`
+- ISR revalidation triggers
+- Tag-based cache invalidation
+- WPGraphQL Smart Cache integration
+
+### Section 4: Integration Recipes
+See `references/integration-recipes.md`
+- Zapier, Make (Integromat), n8n workflows
+- Slack channel notifications
+- Email service triggers (Mailchimp, SendGrid)
+- CDN purge (Cloudflare, Fastly)
+- Search index updates (Algolia, Meilisearch)
+
+### Section 5: Webhook Security
+See `references/webhook-security.md`
+- HMAC-SHA256 shared secret authentication
+- WooCommerce webhook signature verification
+- HTTPS enforcement and IP allowlisting
+- Rate limiting and timeout configuration
+
+## Payload Formats
+See `references/payload-formats.md`
+- Standard JSON payload structure
+- WooCommerce payload examples
+- Custom payload formatting
+
+## Reference Files
+
+| File | Content |
+|------|---------|
+| `references/woocommerce-webhooks.md` | WC webhook API, topics, MCP tools, delivery logs |
+| `references/wordpress-core-webhooks.md` | Action hooks, mu-plugin, wp_remote_post patterns |
+| `references/integration-recipes.md` | Zapier, Make, n8n, Slack, CDN purge recipes |
+| `references/payload-formats.md` | JSON payloads, WC examples, custom formatting |
+| `references/webhook-security.md` | HMAC-SHA256, signatures, HTTPS, rate limiting |
+
+## Related Skills
+
+- **`wp-headless`** — headless revalidation webhooks and ISR triggers
+- **`wp-woocommerce`** — WooCommerce store operations (webhook source events)
+- **`wp-cicd`** — CI/CD webhooks for deployment triggers