wp-manager-pro/v1 namespace.
Base URL: https://example.com/wp-json/wp-manager-pro/v1
All endpoints require a valid WordPress nonce passed in the
X-WP-Nonce header and the manage_options capability (WordPress Administrator role).Request format
Request bodies should be sent as JSON (Content-Type: application/json) unless an endpoint accepts file uploads, in which case use multipart/form-data.
Response format
All responses are JSON. Successful responses include an HTTP2xx status code. Error responses include a code and message field.
Common error responses
| Status | Meaning |
|---|---|
400 | Bad request — missing or invalid parameters |
401 | Not authenticated — nonce missing or invalid |
403 | Insufficient permissions or protected resource |
404 | Resource not found |
500 | Server-side error |
All endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /dashboard | Site stats & health |
| GET | /plugins | List all plugins |
| POST | /plugins/activate | Activate plugin |
| POST | /plugins/deactivate | Deactivate plugin |
| DELETE | /plugins/delete | Delete plugin |
| POST | /plugins/install | Install from WP.org |
| GET | /plugins/search | Search WP.org |
| POST | /plugins/upload | Upload plugin ZIP |
| GET | /plugins/export | Create plugin ZIP export |
| GET | /plugins/download | Stream plugin ZIP download |
| POST | /plugins/update | Update plugin to latest version |
| POST | /plugins/install-version | Install specific plugin version |
| GET | /themes | List all themes |
| POST | /themes/activate | Activate theme |
| DELETE | /themes/delete | Delete theme |
| POST | /themes/install | Install from WP.org |
| GET | /themes/search | Search WP.org |
| POST | /themes/upload | Upload theme ZIP |
| GET | /themes/export | Create theme ZIP export |
| GET | /themes/download | Stream theme ZIP download |
| POST | /themes/update | Update theme to latest version |
| POST | /themes/install-version | Install specific theme version |
| GET | /files | List directory contents |
| GET | /files/read | Read file content |
| POST | /files/write | Write file content |
| DELETE | /files/delete | Delete file or directory |
| POST | /files/mkdir | Create directory |
| POST | /files/upload | Upload file to directory |
| POST | /files/rename | Rename file or folder |
| GET | /database/tables | List database tables |
| GET | /database/table-data | Browse table rows |
| POST | /database/search-replace | Search & replace |
| POST | /database/optimize | Optimize tables |
| POST | /database/query | Run SQL query |
| POST | /database/row | Insert table row |
| PUT | /database/row | Update table row |
| DELETE | /database/row | Delete table row |
| GET | /database/export | Export table as SQL dump |
| GET | /system | System information |
| GET | /maintenance | Maintenance status & appearance settings |
| POST | /maintenance/toggle | Toggle maintenance + save settings |
| POST | /maintenance/settings | Save appearance settings without toggling |
| GET | /users | List users |
| POST | /users/change-role | Change user role |
| POST | /users/login-as | Generate login-as token |
| DELETE | /users/delete | Delete user |
| POST | /users/rename | Rename user login |
| GET | /notes | List notes |
| POST | /notes | Create note |
| PUT | /notes/{id} | Update note |
| DELETE | /notes/{id} | Delete note |
| GET | /debug | Debug status |
| POST | /debug/toggle | Toggle debug constants |
| GET | /debug/log | Read error log |
| DELETE | /debug/log/clear | Clear error log |
| GET | /images/settings | Image settings |
| POST | /images/settings | Save image settings |
| POST | /images/regenerate | Regenerate thumbnails |
| POST | /images/convert | Batch convert images to WebP/AVIF |
| GET | /images/convert-stats | Conversion stats (total/converted/remaining) |
| DELETE | /images/convert | Delete all sidecar files for a format |
| GET | /reset/status | Get content counts |
| POST | /reset/execute | Execute site reset |
| GET | /security | Admin URL protection status |
| POST | /security/admin-url | Enable/update custom login slug |
| DELETE | /security/admin-url | Disable admin URL protection |
| GET | /cron/events | List all scheduled cron events |
| POST | /cron/run | Trigger a cron event immediately |
| DELETE | /cron/event | Delete / unschedule a cron event |
| GET | /cron/schedules | List all registered schedules |
| POST | /cron/schedules | Create a custom schedule |
| DELETE | /cron/schedules | Delete a custom schedule |
| GET | /cron/health | Cron health status and real-cron hints |
| GET | /media/overview | Stats: total attachments, uploads size, orphaned/unused/duplicate counts |
| GET | /media/orphaned | List attachments with missing physical files |
| DELETE | /media/orphaned | Bulk delete orphaned attachments by ID array |
| GET | /media/unused | List unattached, unreferenced attachments with thumbnails |
| DELETE | /media/unused | Bulk delete unused attachments by ID array |
| GET | /media/duplicates | Group attachments by MD5 hash; returns wasted-space totals |
| DELETE | /media/duplicate | Delete a single duplicate attachment |
| GET | /media/compress-candidates | List JPEG/PNG attachments with file sizes |
| POST | /media/compress | Re-compress one attachment; returns before/after sizes |
| GET | /security/overview | All security feature states in one call |
| POST | /security/limiter | Save login limiter settings |
| GET | /security/lockouts | List lockout log entries |
| DELETE | /security/lockouts | Clear all lockout log entries |
| POST | /security/lockouts/unlock | Unlock a specific IP |
| GET | /security/ip-blocklist | List blocked IPs |
| POST | /security/ip-blocklist | Add IP or CIDR to blocklist |
| DELETE | /security/ip-blocklist | Remove IP from blocklist |
| POST | /security/hardening | Save XML-RPC / hide-version settings |
| POST | /security/integrity | Run core file integrity check |
| GET | /security/2fa | Get 2FA status for current user |
| POST | /security/2fa/setup | Generate TOTP secret + QR URL |
| POST | /security/2fa/verify | Verify code and activate 2FA |
| DELETE | /security/2fa | Disable 2FA for current user |
| GET | /snippets | List snippets |
| POST | /snippets | Create snippet |
| PUT | /snippets/{id} | Update snippet |
| POST | /snippets/{id}/toggle | Toggle snippet enabled state |
| DELETE | /snippets/{id} | Delete snippet |
| GET | /redirects | List redirects |
| POST | /redirects | Create redirect |
| PUT | /redirects/{id} | Update redirect |
| DELETE | /redirects/{id} | Delete redirect |
| POST | /redirects/export | Export redirects as CSV |
| GET | /redirects/download | Download CSV export |
| POST | /redirects/import | Import redirects from CSV |
| GET | /email/settings | SMTP settings |
| POST | /email/settings | Save SMTP settings |
| POST | /email/test | Send test email |
| GET | /email/log | Email log |
| DELETE | /email/log/clear | Clear email log |
| GET | /backup | List backups |
| POST | /backup/create | Create backup |
| POST | /backup/download | Prepare backup for download |
| GET | /backup/serve | Stream backup file |
| DELETE | /backup/delete | Delete backup |
| GET | /backup/schedule | Get scheduled backup config |
| POST | /backup/schedule | Save scheduled backup config |
| GET | /settings | Get branding settings |
| POST | /settings | Save branding settings |
| GET | /audit | Audit log entries |
| DELETE | /audit/clear | Clear audit log |
| POST | /audit/export | Export audit log as CSV |
| GET | /audit/download | Download CSV export |
| GET | /audit/action-types | Available action type filters |
| GET | /developer/hooks | Browse all WordPress hooks |
| GET | /developer/rest-routes | List all registered REST routes |
| POST | /developer/rest-request | Proxy an authenticated REST request |
| POST | /developer/generate | Generate dummy posts/pages/users/products |
| GET | /developer/dummy-stats | Count dummy-tagged items |
| DELETE | /developer/dummy | Delete all dummy-tagged items |
| GET | /developer/rewrite-test | Test URL against rewrite rules |
| GET | /developer/cache-keys | Browse object cache keys by prefix |
| GET | /developer/cache-value | Get a specific cache key value |
| DELETE | /developer/cache-key | Delete a specific cache key |
| GET | /developer/prefix-info | Get current DB prefix + table list |
| POST | /developer/change-prefix | Rename database table prefix |
| GET | /scanner/file | Read file content around a flagged line |
| DELETE | /scanner/file | Delete a flagged file |
| POST | /scanner/quarantine | Move file to wmp-quarantine/ directory |
| POST | /scanner/ignore | Add file to scanner ignore list |
| GET | /scanner/ignored | List ignored files |
| DELETE | /scanner/ignored | Remove file from ignore list |
| GET | /scanner/malware | Run malware scan |
| GET | /scanner/vulns | Check plugin/theme vulnerabilities (WPScan) |
| GET | /scanner/ssl | SSL certificate check |
| GET | /scanner/core | WordPress core version check |
| GET | /scanner/api-key | Get WPScan API key (masked) |
| POST | /scanner/api-key | Save WPScan API key |
| GET | /content/post-types | List public post types |
| GET | /content/authors | List users with edit_posts capability |
| GET | /content/posts | Paginated post list with filters |
| POST | /content/posts/bulk-edit | Bulk edit post status or author |
| POST | /content/posts/duplicate | Duplicate a post as a draft |
| GET | /content/scheduled | List all scheduled posts |
| GET | /content/options | Paginated wp_options table |
| GET | /content/options/{name} | Get a single option value |
| POST | /content/options | Update an option |
| DELETE | /content/options | Delete an option |
| GET | /dev-tools/wp-config | Read wp-config.php constants |
| POST | /dev-tools/wp-config | Update a wp-config.php constant |
| GET | /dev-tools/htaccess | Read .htaccess content |
| POST | /dev-tools/htaccess | Write .htaccess content |
| GET | /dev-tools/phpinfo | PHP configuration info |
| GET | /dev-tools/query-monitor | Database queries for this request |
| GET | /dev-tools/environment | Server environment variables |
| POST | /dev-tools/environment | Set a runtime environment variable |
| GET | /performance/overview | Object cache, transient, and DB stats |
| GET | /performance/transients | Paginated transient list |
| DELETE | /performance/transients | Delete a transient |
| POST | /performance/transients/purge-expired | Purge all expired transients |
| POST | /performance/cleanup | Run database cleanup operations |
| GET | /performance/object-cache | Object cache diagnostics |
| POST | /performance/object-cache/flush | Flush the object cache |
| POST | /performance/object-cache/drop-in | Install/update/remove cache drop-in |
| GET | /updates/available | List pending plugin/theme/core updates |
| GET | /updates/changelog | Changelog for a specific item |
| POST | /updates/run | Run one or more updates |
| POST | /updates/rollback | Roll back an update |
| GET | /updates/history | Update history log |
| DELETE | /updates/history/clear | Clear update history |
| GET | /updates/scheduled | List scheduled update jobs |
| POST | /updates/schedule | Schedule an update |
| POST | /updates/schedule/cancel | Cancel a scheduled update |
| GET | /updates/check-self | Check for WP Manager Pro self-update |
| GET | /agency/mail-settings | Mail interceptor settings and log |
| GET | /agency/mail-log | Paginated mail log |
| DELETE | /agency/mail-log/clear | Clear mail log |
| POST | /agency/mail-resend | Resend a logged email |
| GET | /agency/login-page | White-label login page settings |
| POST | /agency/login-page | Save login page settings |
| GET | /agency/admin-customiser | Admin UI visibility settings |
| POST | /agency/admin-customiser | Save admin UI settings |
| GET | /agency/report | Generate client health report |
| GET | /agency/coming-soon | Coming soon page settings |
| POST | /agency/coming-soon | Save coming soon settings |
| DELETE | /agency/coming-soon/emails/clear | Clear captured email subscribers |
| POST | /plugins/check-updates | Force-check for plugin updates |
| POST | /plugins/bulk-activate | Bulk activate plugins |
| POST | /plugins/bulk-deactivate | Bulk deactivate plugins |
| DELETE | /plugins/bulk-delete | Bulk delete plugins |
| POST | /plugins/bulk-update | Bulk update plugins |
| POST | /themes/check-updates | Force-check for theme updates |
| GET | /settings/export | Export plugin settings as JSON |
| POST | /settings/import | Import plugin settings from JSON |
| GET | /settings/export-wp-xml | Export WordPress content as XML |
Endpoint groups
Dashboard
Site stats, health info, and recent activity.
Plugins
List, activate, install, update, and export plugins.
Themes
List, activate, install, update, and export themes.
Files
Browse, read, write, upload, and manage server files.
Database
Browse tables, run queries, search & replace, and export SQL.
Users
List users, change roles, login-as, delete, and rename.
Maintenance
Toggle maintenance mode and manage appearance settings.
Debug
Read and toggle WP_DEBUG constants and the error log.
Images
WebP/AVIF conversion, thumbnail regeneration, and sidecar management.
Security
Admin URL protection, login limiter, IP blocklist, integrity check, and 2FA.
Cron
Manage scheduled events and custom cron schedules.
Media
Orphaned, unused, duplicate media cleanup and compression.
Snippets
Create and manage PHP/CSS/JS code snippets.
Redirects
301/302/307/308 redirect CRUD with CSV import/export.
SMTP configuration, test email, and email log.
Backup
Manual and scheduled SQL backups.
Audit
Plugin, theme, user, and post event log.
Developer
Hook explorer, REST tester, dummy data, rewrite rules, cache browser.
Scanner
Malware scan, vulnerability check, SSL monitor, and file actions.
Settings
Plugin branding/white-label settings.
Content
Bulk post editor, duplicator, scheduled posts, and wp_options.
Dev Tools
wp-config.php, .htaccess, PHP info, query monitor, environment.
Updates
Update manager with history, rollback, and scheduling.
Agency
Mail interceptor, login page, admin customiser, client reports, coming soon.
Performance
Object cache, transients, DB cleanup, and cache drop-in.