wp-manager-pro/v1) that requires the manage_options capability on every route.
Architecture
WP Manager Pro is split into two layers:
- React 19 frontend: a single-page application compiled with Vite 6 and TypeScript 5.7, bundled to assets/build/index.js. It runs inside the standard WordPress admin shell and communicates exclusively through the plugin's REST API.
- PHP REST API backend: 96 endpoints registered under the wp-manager-pro/v1 namespace. Each endpoint is handled by a dedicated PHP controller class loaded by the singleton WP_Manager_Pro\Plugin bootstrap.
wp_localize_script with the API base URL and a WordPress nonce, so every fetch call is pre-authenticated without any extra configuration.
Features
Plugin Manager
Install, activate, update, and export plugins. Browse WordPress.org and install any version from the version history dialog.
Theme Manager
Manage installed themes, activate, update, install from WordPress.org, and export ZIPs.
File Manager
Full filesystem browser with Monaco Editor (VS Code engine) for syntax-highlighted in-browser editing.
Database Manager
Browse tables, edit rows, run read-only SQL queries, search & replace, optimize, and export SQL dumps.
User Manager
Manage users, change roles, rename login usernames, and use secure admin impersonation (Login As).
Security Suite
Five-tab suite: admin URL protection, login limiter, IP blocklist, WordPress core integrity check, and TOTP two-factor authentication.
Security Scanner
Malware scanner, vulnerability checks via WPScan CVE API, SSL certificate monitor, and core version check.
Maintenance Mode
Toggle a styled maintenance page with gradient presets, emoji icon picker, countdown timer, and live preview pane.
Image Tools
WebP and AVIF conversion on upload, batch processing, thumbnail regeneration, and SVG support with server-side sanitization.
Agency Tools
Mail interceptor, white-label login page, admin UI customiser, client report generator, and coming soon mode.
Developer Utilities
Hook explorer, REST API tester, dummy data generator, rewrite rules tester, object cache browser, and database prefix changer.
Cron Manager
View, trigger, and delete cron events. Add custom schedules and monitor cron health.
Media Manager
Find and remove orphaned, unused, and duplicate media files. Re-compress JPEG and PNG attachments in bulk.
Code Snippets
Run custom PHP, CSS, and JavaScript from the dashboard using Monaco Editor with per-snippet enable/disable toggle.
Database Backup
Full or table-specific SQL dumps via the browser, with scheduled backups via WP Cron and configurable retention.
Debug Tools
Toggle WP_DEBUG constants directly in wp-config.php, view and filter the error log, and clear it with one click.
Requirements
| Requirement | Minimum |
|---|---|
| WordPress | 5.9+ |
| PHP | 7.4+ |
| MySQL / MariaDB | 5.6+ |
| Browser | Modern (ES2020+) |
Security model
Every REST endpoint enforces the manage_options capability check. Users without this capability receive a 403 Forbidden response. Authentication uses WordPress nonce validation on every request: the nonce is scoped to wp_rest and is passed in the X-WP-Nonce header.
Additional security measures applied throughout the plugin:
- File Manager paths are validated with realpath() to prevent path traversal outside ABSPATH.
- wp-config.php, .htaccess, and index.php are write-protected in delete and rename endpoints.
- The SQL query runner accepts only SELECT, SHOW, DESCRIBE, and EXPLAIN statements.
- Login-As tokens are single-use, stored in WordPress transients, and expire after 5 minutes.
- SVG uploads are sanitized server-side to strip <script> tags, on* event attributes, javascript: hrefs, <foreignObject>, and <base> tags.
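A realpath() containment check of the kind described in the list above, written here as an added example and not taken from WP Manager Pro's code. The function name resolve_inside_root, the $root parameter standing in for ABSPATH, and matching protected files by basename are assumptions; the sample tree is constructed.

```php
<?php
// Added example: hypothetical helper, not WP Manager Pro's code.
// $root stands in for ABSPATH. Assumption: protected names match by basename.
function resolve_inside_root(string $root, string $userPath, bool $forWrite = false): ?string
{
    $protected = ['wp-config.php', '.htaccess', 'index.php'];
    $rootReal  = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    $candidate = $rootReal . DIRECTORY_SEPARATOR . ltrim($userPath, '/\\');
    $real      = realpath($candidate); // resolves "..", "." and symlinks
    if ($real === false) {
        // realpath() fails for a path that does not exist yet (new file,
        // rename target): resolve the parent and re-attach the leaf name.
        $parent = realpath(dirname($candidate));
        $leaf   = basename($candidate);
        if ($parent === false || in_array($leaf, ['', '.', '..'], true)) {
            return null;
        }
        $real = $parent . DIRECTORY_SEPARATOR . $leaf;
    }
    // Compare against the root plus a trailing separator; a bare prefix test
    // would accept a sibling such as /srv/site-old for the root /srv/site.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $rootReal && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Check protected names on the resolved path, not on the raw input.
    if ($forWrite && in_array(basename($real), $protected, true)) {
        return null;
    }
    return $real;
}

// Constructed sample tree in the system temp directory.
$base = sys_get_temp_dir() . '/wpmp-demo-' . bin2hex(random_bytes(4));
mkdir("$base/site/wp-content", 0700, true);
mkdir("$base/site-old", 0700, true);
file_put_contents("$base/site/wp-config.php", "<?php // constructed\n");
file_put_contents("$base/site-old/secret.txt", "constructed\n");
$cases = [
    ['wp-content', false],                  // existing dir inside root: ok
    ['wp-content/new.txt', true],           // not created yet, parent inside: ok
    ['../site-old/secret.txt', false],      // sibling sharing the prefix: rejected
    ['wp-content/../wp-config.php', true],  // resolves to a protected file: rejected
];
foreach ($cases as [$path, $write]) {
    $ok = resolve_inside_root("$base/site", $path, $write) !== null;
    printf("%-30s %s\n", $path, $ok ? 'ok' : 'rejected');
}
```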
WP Manager Pro works on WordPress Multisite but is designed for single-site use. It activates on a per-site basis. Network-level management and super-admin actions are not currently supported.
