WPMC PLUGIN SEATBELT
WPMC Plugin Seatbelt is a WordPress plugin trust monitor for administrators who want more confidence before installing, keeping, activating, or updating plugins. It scans installed plugins, identifies their source, checks available repository metadata, and highlights changes that may deserve attention.
The plugin can detect WordPress.org plugins, WPMC repository plugins, unknown sources, unavailable repository checks, author changes, contributor changes, abandoned plugins, and updates that should be reviewed before applying. For plugins distributed through the WPMC repository, it can read signed release metadata and show whether the repository information was verified.
The newer admin workspace also includes Plugin Footprint and Activation Receipts. Footprint review shows likely plugin-related admin menus, options, custom database tables, cron events, post types, taxonomies, capabilities, and assets without exposing private option values. Activation Receipts summarize what changed after a plugin was activated.
WPMC Plugin Seatbelt is designed as a lightweight admin safety layer. It does not replace normal security tools, but it helps site owners notice suspicious, unexpected, or simply important plugin changes earlier.
Older plugin versions:
WPMC Plugin Seatbelt
WPMC Plugin Seatbelt helps WordPress administrators review plugin trust before updates, after activations, and during regular maintenance. It combines repository checks, source verification, footprint discovery, activation receipts, contextual tooltips, and a dedicated admin workspace.
Dedicated Admin Workspace
Seatbelt now has its own top-level WordPress admin menu instead of living inside the default Settings area. The workspace is divided into four real screens: Plugin Trust, Plugin Footprint, Activation Receipts, and Settings.
- Plugin Trust lists installed plugins with source, repository, update, severity, and diagnostic details.
- Plugin Footprint summarizes likely admin menus, options, tables, cron events, post types, taxonomies, capabilities, and receipt status.
- Activation Receipts store before-and-after activation evidence when newly activated plugins create WordPress objects.
- Settings control scan thresholds, alerts, footprint tracking, low-confidence matches, and receipt retention.
Admin Screen Mockup
This mockup mirrors the current plugin workflow and uses demo data only. It shows the real screen structure, table headings, severity labels, action buttons, and settings groups available inside WordPress.
WPMC Seatbelt
Top-level WordPress admin menu
Plugin Trust Review
Review repository availability, source signals, update state, and risk messages before maintenance work.
| Plugin | Status | Severity | Installed Version | Repository Version | Last Updated | Source | Update | Details |
|---|---|---|---|---|---|---|---|---|
| Example SEO Toolkit example-seo/example-seo.php |
OK | OK | 3.2.1 | 3.2.1 | 2026-05-18 | WordPress.org | No update | No current review signals. |
| Payment Gateway Pro pay-gateway-pro/pay.php |
Update available | Update needed | 2.4.0 | 2.5.1 | 2026-06-02 | Private repository | Available: 2.5.1 | Review update notes before installing. |
| Legacy Importer legacy-importer/plugin.php |
Not found | Critical | 1.8.7 | – | – | Unknown source | No update | Repository metadata is unavailable. |
Plugin Footprint Overview
Best-effort detected WordPress objects| Plugin name | Plugin file | Source status | Admin menus | Options | Tables | Cron | Post types | Taxonomies | Capabilities | Receipt status | Action |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Payment Gateway Pro | pay-gateway-pro/pay.php | Private repository | 2 | 7 | 3 | 1 | – | – | 4 | Current footprint | |
| Members Cabinet | members-cabinet/main.php | WPMC repository | 1 | 11 | 4 | 2 | 1 | 2 | 6 | Receipt exists |
Activation Receipts
Before-and-after records from plugin activation| Date/time | Plugin name | Plugin file | Activated by | Detected changes | Risk summary | Action |
|---|---|---|---|---|---|---|
| 2026-06-27 16:04 | Members Cabinet | members-cabinet/main.php | admin | 24 | Noticeable | |
| 2026-06-26 11:22 | SVG Buttons | svg-buttons/plugin.php | admin | 3 | Quiet |
Seatbelt Settings
Scan thresholds, footprint tracking, and receipt retentionTrust Review
Plugin scan behaviorPlugin Footprint
Detected WordPress objectsActivation Receipts
Activation evidencePlugin Trust Review
The trust screen scans installed plugins and compares local plugin data with repository information when available. It shows installed version, repository version, last updated date, source status, update availability, and diagnostic messages in one table.
- Update needed is displayed as its own severity when a plugin has an available update without warning or critical trust risk.
- Warnings and critical signals remain focused on source, repository, abandonment, and metadata problems.
- The standard WordPress plugins list can link suspicious update notices directly to the Seatbelt review screen.
- Contextual tooltips explain page headings and table columns directly in the admin UI.
Plugin Footprint
Footprint discovery helps administrators understand what a plugin appears to add to WordPress. It can summarize likely admin menus, options, custom database tables, cron events, post types, taxonomies, capabilities, and assets. The system is deliberately careful: values, secrets, tokens, license keys, and serialized option contents are not shown.
Activation Receipts
Activation Receipts capture compact before-and-after records around plugin activation. They are useful when a newly activated plugin creates tables, options, scheduled tasks, roles, capabilities, or other WordPress objects that deserve immediate review.
Settings
The Settings screen gives administrators practical control over the review experience. They can tune the abandoned-plugin threshold, enable email alerts, turn footprint and receipt tracking on or off, choose which footprint categories are displayed, include or hide low-confidence matches, and set receipt retention.
Why It Matters
Plugin updates are normal, but plugin source and ownership can change over time. A plugin may disappear from a repository, move to another maintainer, become abandoned, or arrive from a source that is difficult to verify. WPMC Plugin Seatbelt helps administrators notice those signals earlier and make better maintenance decisions.
Important note: WPMC Plugin Seatbelt is a monitoring and review tool. It does not guarantee that any plugin is safe, and it does not replace backups, malware scanning, code review, or other WordPress security practices.
