MCP Content Manager Premium 2.1.x

The development of this version has cost 1,100 euros. The accumulated cost for this year is 5,200 euros. The accumulated cost since the first version is 5,200 euros, but the cost for you is only the license of 30€.

New version 2.1.x of the plugin MCP Content Manager Premium for WordPress and WooCommerce.

Versions of the branch

• 2.1.0
• 2.1.1

2.1.0

Cleanup of Hacked Sites — Diagnosis

• New: Unified security assessment with a weighted score of 0-100 in 6 categories (mcm/security-assessment).
• New: Core file integrity verification against official checksums from wordpress.org (mcm/verify-core-integrity).
• New: Scanning of ALL files and directories in the root with risk classification (high/medium/low) — not just PHP files.
• New: High-risk files in the root (.php, .exe, .js, .sh) marked for administrator review with content inspection option.
• New: Low-risk files in the root (.ini, .log, .txt, .html) identified as likely harmless server configurations.
• New: Scanning wp-content/ for malware patterns — eval/base64, backdoors, PHP in uploads (mcm/scan-content-malware).
• New: Database scanning for injections — scripts, iframes, hidden spam, pharma hack, fraudulent admins (mcm/scan-database-malware).
• New: Verification of installed plugins against the WordPress.org Plugins API (mcm/verify-plugins).
• New: .htaccess analysis for malicious redirects, SEO cloaking, auto_prepend injections (mcm/check-htaccess).
• New: Scanning and classification of all wp-content directories — cache, legitimate, unknown (mcm/scan-content-dirs).
• New: Configurable whitelists of trusted domains for script/iframe classification (admin + filters).

Cleanup of Hacked Sites — Remediation

• New: Empty all known cache directories and rename drop-in cache files for clean regeneration (mcm/clear-cache).
• New: Replace all core files with clean versions from wordpress.org and remove injected files (mcm/clean-core).
• New: Regenerate the 8 security salts in wp-config.php and audit user_roles (mcm/regenerate-salts).
• New: Generate a complete security cleanup report as a private draft (mcm/generate-cleanup-report).
• New: Time Machine snapshot automatically created before any destructive cleanup operation.

Generic Abilities

• New: Delete WordPress users with content reassignment (mcm/delete-user).
• New: Unschedule cron events by hook name (mcm/unschedule-cron).
• New: Delete WordPress options with protected blocklist (mcm/delete-option).

Administration Interface

• New: Security tab with configurable whitelists of trusted domains for iframes/scripts.
• New: Integrated domains shown with badge, user-added domains with delete button.
• New: "How to connect your AI assistant" card in the OAuth tab with MCP server URL and step-by-step instructions.

OAuth — Gemini CLI Compatibility

• Fix: The field resource of the OAuth Protected Resource Metadata now returns the URL of the MCP server endpoint according to RFC 9728, instead of home_url(). Gemini CLI validates this strictly.
• Fix: The Dynamic Client Registration now accepts redirect URIs http://localhost according to RFC 8252 (OAuth for Native Applications), allowing CLI tools like Gemini CLI to complete the OAuth flow.
• Dev: Added filter mcm_oauth_resource_url for sites with custom routes from the MCP adapter.

Security

• Important: All diagnostic abilities are 100% read-only — no files or data are modified.
• Important: All destructive abilities require explicit confirmation from the administrator through the AI agent.
• Important: Findings in the database are NEVER automatically cleaned — the administrator reviews each finding with edit links.
• Important: The agent warns about the requirement for a full backup before any cleanup procedure.

2.1.1

OAuth — Gemini CLI Compatibility

• Fix: The field resource of the OAuth Protected Resource Metadata now returns the URL of the MCP server endpoint according to RFC 9728, instead of home_url(). Gemini CLI validates this strictly.
• Fix: The Dynamic Client Registration now accepts redirect URIs http://localhost according to RFC 8252 (OAuth for Native Applications), allowing CLI tools like Gemini CLI to complete the OAuth flow.
• Dev: Added filter mcm_oauth_resource_url for sites with custom routes from the MCP adapter.

OAuth — WAF Proxy

• New: OAuth discovery routed through the proxy api.joseconti.com to avoid WAF blocks (SiteGround). Disableable via the constant MCM_OAUTH_PROXY_URL.
• New: All OAuth flows (discovery, DCR, token exchange, refresh) go through the proxy for license validation. MCP traffic goes directly to the site.
• Dev: Added filter mcm_oauth_proxy_url for custom proxy routing.

OAuth — nginx Compatibility

• Fix: Static files .well-known/oauth-protected-resource and .well-known/oauth-authorization-server automatically created for hosts with nginx reverse proxies (SiteGround, Cloudways) that block requests .well-known/ before reaching WordPress.
• Fix: .well-known/.htaccess routes OAuth metadata requests through WordPress on Apache hosts for correct headers of Content-Type and CORS.
• Fix: Files are only written to disk when the content changes (write_file_if_changed), avoiding unnecessary I/O on every page load.

You can acquire the license for MCP Content Manager Premium on the product page.

Please leave this field empty

¡No te pierdas las novedades!

Acepto apuntarme a la lista de correo para estar al día de todas las novedades.

¡No hacemos spam! y te puedes dar de baja cuando quieras

Revisa tu bandeja de entrada o la carpeta de spam para confirmar tu suscripción.