| 开发者 |
lukeaxiomflow
freemius |
|---|---|
| 更新时间 | 2026年7月17日 11:22 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
wp upgrade-pilot scan, status and reportwp upgrade-pilot scan --format=json and wp upgrade-pilot report --format=jsonGET /wp-json/upgrade-pilot/v1/report, available to administrators (the manage_options capability; super admins on a network)--format=json and the REST endpoint are part of the free version and are not gated, metered or licence-checked.
The digest email is free. The free version already emails you, the site administrator, immediately when a plugin is closed or flagged, and a daily digest of everything else. What Pro adds is sending the readiness summary to other people - your client - on a schedule you pick, and telling you when a send fails.
The weekly re-scan is free, and on by default. What Pro adds is running it daily or twice daily.
Multisite is free, in full. Upgrade Pilot installs network-wide, stores its data once, is managed by a super admin from the Network Admin screens, and a freeze holds across the whole network. What Pro adds on a network is the Network Overview screen described above - not multisite itself.
Freezing a plugin by hand is free too. What Pro adds is doing it automatically, on a policy.
Every paid tier includes every feature; tiers differ only by how many sites your licence covers. On a network, each subsite counts as one of those sites, and you activate the licence once from Network Admin to cover them all.
Pro is a separate download, not an in-place upgrade. When you buy or start a trial you download the Pro build and upload it like any other plugin; it installs alongside this free copy, and activating it switches the free copy off for you. Your settings, scan history and freeze list carry over untouched.
No, not by default, and never silently. Upgrade Pilot ships with nothing frozen. It changes no update behaviour at all until you personally decide to hold one specific plugin, which you would typically do right after it tells you that plugin just changed owners or was closed on WordPress.org. When you do freeze a plugin:
Because ownership changes are invisible in your dashboard, and they change who can push code to your site. A plugin can be sold, or hand a new maintainer commit access, and the next automatic update arrives looking exactly like every previous one. Upgrade Pilot exists to put a name and a date on that moment, so you can decide whether to let the update through.
Run the readiness report. It checks your server against the requirements WordPress itself reports, cross-references every plugin and theme against its WordPress.org record, and scans your plugins' PHP code for anything modern PHP removed.
No. The code scan processes files in small time-sliced batches with hard budgets, driven from your browser while you watch and by WP-Cron in the background. Oversized and vendored files are skipped, and that is disclosed in the results rather than hidden.
No. The code scan runs entirely on your own server. See the External services section above for the complete list of what leaves your site, which is only public plugin slugs.
It means the finding came from reading your code rather than from a definitive fact, and might be a false positive: code behind a version check, a dead branch, or a bundled polyfill can all trigger one. Advisory findings never turn your verdict red on their own, and you can suppress any that you have checked.
Yes. Network activate it, and it is managed by a super admin from the Network Admin menu. Because a network shares one copy of each plugin's files, Upgrade Pilot keeps one set of data for the whole network rather than one per subsite, which also means it makes the same small number of requests to WordPress.org whether your network has three sites or three hundred. Freezing a plugin holds its automatic updates across the network, since there is only one copy of the file.
Free support is the WordPress.org support forum for this plugin. I am one person, and I read every thread. Licence holders also get a private email channel with me, which is the right place for anything you would rather not post in public: client site details, server configuration, or a scan result that shouldn't be pasted into a forum. The address is shown inside the plugin once a licence is active.
show_deactivation_feedback_form filter; deactivation is one click and sends nothing. The External services list stays at four situations, and now it is exact.manage_options), the digest wording notes informational events stay in the UI, and the minified-files list gains assets/js/nojquery.ba-postmessage.js.$wpdb->prepare() rather than assembled into a variable first. Functionally identical - every value was always bound - but the variable form made Plugin Check report a line that read like an SQL-injection finding, and that is not worth leaving in a security report, however safe it is.www.google-analytics.com/analytics.js) and a checkout library (checkout.freemius.com/checkout.js). The analytics one loaded even for people who had explicitly skipped the opt-in, which is exactly the person who has said they do not want to be tracked. Both are gone. Found by loading every one of the plugin's screens in a real browser and reading the network log, rather than by reading the PHP - the previous audit logged only what the server sent, and a script the browser is told to fetch is invisible to that. Every admin screen this plugin can show now makes zero third-party requests.show_trial filter. The only place this plugin mentions Pro is the Reports & Automation screen, which you only see if you click it.wp upgrade-pilot scan --format=json previously refused to emit JSON unless a Pro-only filter switched it on, even though the report had already been assembled locally a few lines earlier. That gate is gone. The report is encoded and returned, for everyone.wp upgrade-pilot report now accepts --format=json too. Previously only scan took a format, which meant the only way to get JSON was to re-run a full scan.wp upgrade-pilot scan --format=json | jq . parses. They previously shared STDOUT with the payload.GET /wp-json/upgrade-pilot/v1/report is now part of the free version. It returns the same document as the CLI, over one shared schema (upgrade-pilot/report@1). It is protected by the same capability check as the admin screens: any user who can manage plugins can read it, and an anonymous request is refused.