=== Rabbit SEO === Contributors: rabbitseo Tags: seo, rabbitseo, optimization, application password, rest api Requires at least: 5.6 Tested up to: 7.0 Requires PHP: 7.4 Stable tag: 1.2.9 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Connect WordPress to Rabbit SEO with an embedded workspace, Application Password connection, and REST API access. == Description == Rabbit SEO links your WordPress site to [Rabbit SEO](https://www.rabbitseo.com) so you can: * Open the Rabbit SEO workspace inside WordPress Admin (account created automatically from your WP admin email) * Automatically embed the Rabbit SEO frontend script using your website GUID * Allow Rabbit SEO to read pages and posts over the WordPress REST API * Push site snapshots for audits when Cloudflare blocks public crawlers This plugin never asks for your main WordPress login password. When you connect, it creates a WordPress Application Password named "Rabbit SEO" and sends it once to Rabbit SEO over HTTPS. == Installation == 1. Install **Rabbit SEO** from Plugins → Add New, or upload the ZIP. 2. Activate the plugin. 3. Open the **Rabbit SEO** menu — the workspace loads in this window and creates or opens your account. 4. Complete welcome onboarding (3 cards) if prompted. 5. Connection starts automatically once the plugin is detected (Application Password is created and linked for you). A site snapshot is then pushed so Rabbit SEO can optimize without public scraping. You can also start from rabbitseo.com: install the plugin — Rabbit SEO finishes linking automatically when it detects the active plugin. Local development tip: define `RABBITSEO_APP_BASE_URL` in `wp-config.php` (for example `http://localhost:8080`) to point at a local Rabbit SEO server. == Privacy / data disclosure == When you open the workspace, Rabbit SEO receives your WordPress admin email and site URL to create or log in your account. After you approve the Application Password connection, Rabbit SEO also receives: * Site URL, home URL, REST API URL * WordPress username * One-time Application Password (stored encrypted by Rabbit SEO; never saved by this plugin) * Website GUID, WordPress version, plugin version, connection ID * Snapshot HTML for connected pages (outbound from your WordPress server) for Cloudflare-safe audits This plugin stores only non-secret connection metadata locally (GUID, connection ID, Application Password UUID, script settings). Your main WordPress password is never requested or stored. == Frequently Asked Questions == = Why do I need HTTPS? = WordPress Application Passwords require a secure environment on production sites. = Why is Connect required? = Connect links Rabbit SEO to your site with an Application Password and enables snapshot sync. Without it, Cloudflare or bot protection can block public page scans. Connect is required for Auto Fix, publishing, and reliable audits. When the plugin is active, Rabbit SEO starts this link automatically. = Does this overwrite Yoast / Rank Math / AIOSEO? = No. Rabbit SEO metadata is stored under `_rabbitseo_*` keys and does not silently overwrite third-party SEO plugin fields. = Can I disable the script without disconnecting? = Yes. Use the script checkbox on the Rabbit SEO admin page. == Changelog == = 1.2.9 = * Rebinds website GUID / onPageOpt.js when reconnecting after a Rabbit SEO site was deleted and re-added. * Purges page caches on connect and disconnect so script changes apply immediately. = 1.2.8 = * Fixes duplicate “Rabbit SEO” rows on Plugins screen (only rabbitseo.php is a plugin entry now). = 1.2.7 = * Loads onPageOpt.js from the Rabbit SEO CDN so connected sites actually apply optimizations (fixes www.rabbitseo.com 404 for rabbitseo-wp.js). * Rewrites legacy www script URLs to CloudFront automatically. = 1.2.6 = * Hardens WordPress Admin auto login/signup: registers the install with Rabbit SEO before opening the workspace (with retries). * Refreshes install registration on admin load so known Rabbit SEO emails open inside WP Admin without a password prompt. * Warns in WP Admin when Rabbit SEO cannot be reached for install registration. = 1.2.5 = * On activate/deactivate, purge LiteSpeed and other common page caches so Rabbit SEO detects the plugin immediately. * Adds a public `/wp-json/rabbitseo/v1/ping` discovery route and no-cache headers on plugin REST responses. = 1.2.4 = * Existing Rabbit SEO accounts open from WordPress Admin without a password (install-signed SSO). * Adds this WordPress site as another website under that account when the plan allows. * New emails still auto-signup; claim page offers sign-in or create a new account as a fallback. = 1.2.3 = * Auto-connect: a valid Rabbit SEO connect token links the site immediately (no second Approve click). * Workspace auto-starts connect when the plugin is installed but not yet linked. = 1.2.2 = * Connect is required (not optional) for Auto Fix, publish, and Cloudflare-safe snapshot audits. * Clearer WordPress Admin messaging and install steps for Connect → Approve → Sync. * Direct plugin-information install deep link from Rabbit SEO (exact slug, one Install Now). = 1.2.1 = * Signed iframe login when already connected (HMAC with per-site shared secret). * Safer soft-create path for first install. = 1.2.0 = * Plugin-first workspace: embed Rabbit SEO in WordPress Admin (no new window). * Auto-register / login from the current WordPress admin email and site URL. * Compact WordPress connection strip for App Password sync controls. = 1.1.0 = * Outbound site snapshot sync to Rabbit SEO (HMAC signed) for Cloudflare-safe audits. * Sync now control, daily safety sync, and publish/update/delete incremental updates. * Snapshot shared secret established during Approve and Connect. = 1.0.0 = * Initial production release. * Secure Application Password connection flow. * Frontend script embed with approved CDN allowlist. * REST read endpoints for status, pages, and SEO metadata. == Upgrade Notice == = 1.2.2 = Connect WordPress from the workspace after install so Auto Fix and Cloudflare-safe audits work.