{"id":296440,"date":"2026-04-14T06:27:30","date_gmt":"2026-04-14T06:27:30","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/ai-patchwatch\/"},"modified":"2026-05-03T09:18:26","modified_gmt":"2026-05-03T09:18:26","slug":"aipatch-security-scanner","status":"publish","type":"plugin","link":"https:\/\/zh-sg.wordpress.org\/plugins\/aipatch-security-scanner\/","author":23219905,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.0.2","stable_tag":"2.0.2","tested":"7.0","requires":"6.5","requires_php":"7.4","requires_plugins":null,"header_name":"Aipatch Security Scanner","header_author":"Aipatch Security Scanner","header_description":"Lightweight security scanner for WordPress. Checks for outdated software, risky configurations, and applies safe hardening measures.","assets_banners_color":"","last_updated":"2026-05-03 09:18:26","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/estebanstifli\/aipatch-security-scanner","header_author_uri":"https:\/\/github.com\/estebanstifli","rating":0,"author_block_rating":0,"active_installs":0,"downloads":201,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"estebandezafra","date":"2026-04-14 06:30:49"},"2.0.1":{"tag":"2.0.1","author":"estebandezafra","date":"2026-04-17 13:52:21"},"2.0.2":{"tag":"2.0.2","author":"estebandezafra","date":"2026-05-03 09:18:26"}},"upgrade_notice":{"2.0.2":"<p>Maintenance and hardening release: fixes remediation rename destination handling, aligns <code>start-file-scan<\/code> root contract, and adds scanner safeguards for symlinks and runtime budgets.<\/p>","2.0.1":"<p>Major upgrade: 36 audit checks, multi-layer malware file scanner with family classification, WordPress core integrity verification, file integrity baseline, remediation engine with rollback, and 23 MCP abilities for AI agents. Database will be upgraded automatically.<\/p>","1.0.1":"<p>Maintenance release for WordPress.org submission updates.<\/p>","1.0.0":"<p>Initial release of Aipatch Security Scanner.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3521335,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2","2.0.1","2.0.2"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Security Dashboard \u2014 overall score, risk posture breakdown, and finding summary cards.","2":"Audit findings list \u2014 filterable by severity, category, and status.","3":"Malware file scan \u2014 heuristic results with risk classification.","4":"Known vulnerabilities \u2014 installed software matched against the vulnerability database.","5":"Hardening toggles \u2014 each rule with explanation and compatibility notes.","6":"Remediation history \u2014 applied fixes with rollback controls.","7":"Security event logs \u2014 severity filtering and CSV export.","8":"Settings \u2014 module control, scan scheduling, and log retention."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[8533,31093,55021,600,6460],"plugin_category":[54],"plugin_contributors":[238115],"plugin_business_model":[],"class_list":["post-296440","plugin","type-plugin","status-publish","hentry","plugin_tags-audit","plugin_tags-hardening","plugin_tags-malware-scanner","plugin_tags-security","plugin_tags-vulnerability","plugin_category-security-and-spam-protection","plugin_contributors-estebandezafra","plugin_committers-estebandezafra"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/aipatch-security-scanner\/assets\/icon-256x256.png?rev=3521335","icon_2x":"https:\/\/ps.w.org\/aipatch-security-scanner\/assets\/icon-256x256.png?rev=3521335","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Aipatch Security Scanner<\/strong> is a modular security audit engine built for site owners, developers, and AI-powered agents who need deep visibility into WordPress security posture \u2014 without the bloat of all-in-one security suites.<\/p>\n\n<h4>Why Aipatch Security Scanner?<\/h4>\n\n<p>Most WordPress security plugins are either too simple to be useful or too heavy to be practical. Aipatch takes a different approach:<\/p>\n\n<ul>\n<li><strong>Audit-first architecture.<\/strong> Every check is a standalone, testable module that returns structured findings with severity, confidence, evidence, and fingerprints.<\/li>\n<li><strong>Built for automation.<\/strong> 23 MCP abilities expose the full audit, scanning, and remediation surface to external AI agents \u2014 making Aipatch the first WordPress security plugin designed for agentic workflows.<\/li>\n<li><strong>Zero external dependencies.<\/strong> Everything runs locally. No accounts, no cloud services, no API keys required.<\/li>\n<li><strong>Reversible by design.<\/strong> Every automated remediation stores rollback data so you can undo any change with one click.<\/li>\n<\/ul>\n\n<h4>Core Capabilities<\/h4>\n\n<p><strong>36-Point Security Audit<\/strong><\/p>\n\n<p>Aipatch runs 36 automated checks across 8 categories \u2014 core, plugins, themes, users, configuration, server, access control, and malware surface:<\/p>\n\n<ul>\n<li>Outdated WordPress core, plugins, and themes<\/li>\n<li>Default admin username, excessive admin accounts, inactive admin users, user ID 1 exposure<\/li>\n<li>XML-RPC, file editor, debug mode, debug log, REST API exposure, directory listing<\/li>\n<li>PHP version, HTTPS, file permissions, security headers (X-Frame-Options, CSP, etc.)<\/li>\n<li>Database prefix, sensitive files, PHP execution in uploads, auto-update configuration<\/li>\n<li>Salt key strength, cron health, cookie security flags, CORS, application passwords<\/li>\n<li>Exposed backup files, phpinfo files, uploads directory indexing, default login URL<\/li>\n<li>Database credential security, file installation permissions<\/li>\n<\/ul>\n\n<p>Every finding includes a severity (critical \/ high \/ medium \/ low \/ info), confidence score, human-readable explanation, and actionable recommendation.<\/p>\n\n<p><strong>Weighted Security Score (0\u2013100)<\/strong><\/p>\n\n<p>A logarithmic scoring engine computes an overall security score and per-area breakdown across six risk dimensions: software, access control, configuration, infrastructure, malware surface, and vulnerability exposure. Severity weights and confidence multipliers ensure the score reflects actual risk, not just issue count.<\/p>\n\n<p><strong>Multi-Layer Malware File Scanner<\/strong><\/p>\n\n<p>A three-layer file scanner (content 55%, context 25%, integrity 20%) with 27 detection signatures, Shannon entropy analysis, and malware family classification detects:<\/p>\n\n<ul>\n<li>Code execution patterns: eval(), assert(), create_function(), preg_replace \/e<\/li>\n<li>System command functions: shell_exec, exec, passthru, backtick operators<\/li>\n<li>Obfuscation techniques: base64 encoding, hex encoding, str_rot13, gzinflate chains, chr() concatenation, variable variables, suspiciously long lines<\/li>\n<li>Network\/exfiltration: cURL execution, fsockopen, remote file_get_contents<\/li>\n<li>Known backdoor signatures: c99, r57, WSO, b374k, weevely, FilesMan<\/li>\n<li>WordPress-specific threats: unauthorized admin creation, critical option injection, security function removal<\/li>\n<\/ul>\n\n<p>Scanning runs in batches via an async job system with configurable batch sizes \u2014 safe for shared hosting.<\/p>\n\n<p>Files are classified into 11 malware families (web shell, obfuscated loader, dropper, persistence backdoor, cloaked PHP, code injector, and more) with confidence scores and remediation hints.<\/p>\n\n<p><strong>WordPress Core Integrity Verification<\/strong><\/p>\n\n<p>Verifies every core file against official checksums from api.wordpress.org. Detects modified core files (checksum mismatch), missing core files, and unexpected files planted in wp-admin\/ or wp-includes\/. Core tampering findings are automatically escalated to critical severity with zero false-positive likelihood.<\/p>\n\n<p><strong>File Integrity Baseline<\/strong><\/p>\n\n<p>Build a known-good hash baseline of all PHP files in your installation. Diff against it at any time to detect modified, deleted, or newly added files. Origin detection distinguishes core, plugin, theme, and upload files.<\/p>\n\n<p><strong>Vulnerability Intelligence<\/strong><\/p>\n\n<p>A local knowledge base of known plugin, theme, and core vulnerabilities with a database-backed caching layer for fast lookups. Provider architecture allows extending with external feeds.<\/p>\n\n<p><strong>One-Click Remediation with Rollback<\/strong><\/p>\n\n<p>Apply fixes directly from findings \u2014 change WordPress options, delete suspicious files, rename files, patch file contents, or add .htaccess rules. Every automated action stores a full rollback payload so you can reverse any change. Manual remediations can be logged for audit trails.<\/p>\n\n<p>Six supported action types: <code>wp_option<\/code>, <code>delete_file<\/code>, <code>rename_file<\/code>, <code>file_patch<\/code>, <code>htaccess_rule<\/code>, <code>manual<\/code>.<\/p>\n\n<p><strong>Hardening Module<\/strong><\/p>\n\n<p>Five toggleable hardening rules with clear explanations and compatibility warnings:<\/p>\n\n<ul>\n<li>Disable XML-RPC \u2014 blocks external XML-RPC requests and removes X-Pingback header<\/li>\n<li>Hide WordPress Version \u2014 removes version leaks from source, RSS feeds, scripts, and styles<\/li>\n<li>Restrict REST API \u2014 limits sensitive endpoints to authenticated users<\/li>\n<li>Block Author Scanning \u2014 prevents user enumeration via author archives<\/li>\n<li>Login Brute-Force Protection \u2014 rate-limits login attempts per IP with configurable thresholds and lockout duration<\/li>\n<\/ul>\n\n<p><strong>Persistent Findings Store<\/strong><\/p>\n\n<p>All audit findings persist in a dedicated database table with automatic deduplication by fingerprint. Track findings over time \u2014 dismissed findings stay dismissed across scans; resolved findings reopen if the issue reappears.<\/p>\n\n<p><strong>Security Event Logging<\/strong><\/p>\n\n<p>Every scan, hardening change, remediation, and significant event is logged to a dedicated table. Logs are filterable by severity and exportable as CSV.<\/p>\n\n<p><strong>WordPress Site Health Integration<\/strong><\/p>\n\n<p>Adds 6 security tests to the built-in Site Health screen: file editor, debug mode, XML-RPC, admin username, SSL, and overall security score.<\/p>\n\n<p><strong>Performance Diagnostics<\/strong><\/p>\n\n<p>Built-in performance profiling to identify slow queries, high memory usage, and resource bottlenecks related to security operations.<\/p>\n\n<p><strong>REST API<\/strong><\/p>\n\n<p>10 authenticated endpoints under the <code>aipatch-security-scanner\/v1<\/code> namespace for triggering scans, retrieving summaries, toggling hardening, exporting logs, and running performance diagnostics.<\/p>\n\n<h4>MCP Surface for AI Agents (23 Abilities)<\/h4>\n\n<p>Aipatch exposes 23 structured abilities via the WordPress Abilities API \u2014 making your site's security surface fully accessible to external AI agents, coding assistants, and orchestration tools:<\/p>\n\n<p>By default, only <strong>aipatch\/audit-site<\/strong> is enabled. You can enable additional abilities from <strong>Aipatch Security Scanner -&gt; Settings -&gt; MCP Abilities<\/strong>.<\/p>\n\n<p><strong>Audit &amp; Scanning<\/strong><\/p>\n\n<ul>\n<li><strong>aipatch\/audit-site<\/strong> \u2014 Run a full 36-check security audit with scored findings<\/li>\n<li><strong>aipatch\/audit-suspicious<\/strong> \u2014 Quick heuristic scan for suspicious files<\/li>\n<li><strong>aipatch\/start-file-scan<\/strong> \u2014 Launch an async multi-layer malware scan job<\/li>\n<li><strong>aipatch\/process-file-scan-batch<\/strong> \u2014 Process next batch of files in a running scan<\/li>\n<li><strong>aipatch\/file-scan-progress<\/strong> \u2014 Check file scan progress<\/li>\n<li><strong>aipatch\/file-scan-results<\/strong> \u2014 Retrieve enriched scan results with family, reasons, layer scores<\/li>\n<li><strong>aipatch\/get-scan-summary<\/strong> \u2014 Comprehensive latest scan summary with classification breakdown<\/li>\n<li><strong>aipatch\/list-suspicious-files<\/strong> \u2014 List suspicious files from latest scan (no job_id needed)<\/li>\n<\/ul>\n\n<p><strong>Integrity &amp; Baseline<\/strong><\/p>\n\n<ul>\n<li><strong>aipatch\/verify-core-integrity<\/strong> \u2014 Verify WP core files against official api.wordpress.org checksums<\/li>\n<li><strong>aipatch\/baseline-build<\/strong> \u2014 Build or refresh the known-good file hash baseline<\/li>\n<li><strong>aipatch\/baseline-diff<\/strong> \u2014 Compare current filesystem against stored baseline<\/li>\n<li><strong>aipatch\/baseline-stats<\/strong> \u2014 Baseline statistics by origin type<\/li>\n<li><strong>aipatch\/get-baseline-drift<\/strong> \u2014 Combined baseline drift + core integrity report<\/li>\n<\/ul>\n\n<p><strong>Findings &amp; Monitoring<\/strong><\/p>\n\n<ul>\n<li><strong>aipatch\/list-findings<\/strong> \u2014 Query persistent findings with status\/severity\/category filters<\/li>\n<li><strong>aipatch\/findings-stats<\/strong> \u2014 Aggregate finding statistics<\/li>\n<li><strong>aipatch\/findings-diff<\/strong> \u2014 New and resolved findings since a point in time<\/li>\n<li><strong>aipatch\/get-file-finding-detail<\/strong> \u2014 Single finding with decoded metadata, layer scores, family<\/li>\n<li><strong>aipatch\/dismiss-finding<\/strong> \u2014 Dismiss a finding as accepted risk<\/li>\n<\/ul>\n\n<p><strong>Remediation<\/strong><\/p>\n\n<ul>\n<li><strong>aipatch\/apply-remediation<\/strong> \u2014 Apply a security fix with rollback support<\/li>\n<li><strong>aipatch\/rollback-remediation<\/strong> \u2014 Undo a previously applied fix<\/li>\n<li><strong>aipatch\/list-remediations<\/strong> \u2014 List remediation history with filters<\/li>\n<\/ul>\n\n<p><strong>Jobs &amp; Status<\/strong><\/p>\n\n<ul>\n<li><strong>aipatch\/list-jobs<\/strong> \u2014 List scan\/audit jobs with filters<\/li>\n<li><strong>aipatch\/get-async-job-status<\/strong> \u2014 Check async job status and retrieve results<\/li>\n<\/ul>\n\n<p>20 abilities are read-only; only 3 (dismiss, apply-remediation, rollback) modify site state. All abilities include typed input\/output schemas, permission checks (<code>manage_options<\/code>), and structured error responses.<\/p>\n\n<h4>What Aipatch Does NOT Do<\/h4>\n\n<ul>\n<li>It is NOT a firewall or WAF \u2014 it does not filter incoming traffic.<\/li>\n<li>It does NOT intercept frontend requests or affect page load performance.<\/li>\n<li>It does NOT phone home, require an account, or send data externally.<\/li>\n<li>It does NOT inject ads, upsells, or nag notices.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>aipatch-security-scanner<\/code> folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu in WordPress.<\/li>\n<li>Navigate to <strong>Aipatch Security Scanner \u2192 Dashboard<\/strong> to run your first audit.<\/li>\n<li>Review your security score and findings, then explore hardening options.<\/li>\n<\/ol>\n\n<p>For AI agent integration, ensure the WordPress Abilities API is available and connect your agent to the <code>aipatch\/audit-site<\/code> ability.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20many%20security%20checks%20does%20aipatch%20run%3F\"><h3>How many security checks does Aipatch run?<\/h3><\/dt>\n<dd><p>36 automated checks across 8 categories: WordPress core, plugins, themes, users, configuration, server, access control, and malware surface. Each finding includes severity, confidence, evidence, and a specific recommendation.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20slow%20down%20my%20site%3F\"><h3>Does this plugin slow down my site?<\/h3><\/dt>\n<dd><p>No. Aipatch adds nothing to the frontend. Audits run on demand, via WP-Cron, or through the REST API. The malware file scanner uses a job-based batch system so it never monopolizes server resources.<\/p><\/dd>\n<dt id=\"does%20it%20require%20an%20external%20api%20or%20account%3F\"><h3>Does it require an external API or account?<\/h3><\/dt>\n<dd><p>No. Everything runs locally with zero external dependencies. The vulnerability provider architecture supports optional external feeds for extended coverage.<\/p><\/dd>\n<dt id=\"can%20aipatch%20detect%20malware%3F\"><h3>Can Aipatch detect malware?<\/h3><\/dt>\n<dd><p>Yes. The multi-layer file scanner uses 27 detection signatures covering code execution, obfuscation, backdoor patterns, and WordPress-specific threats, plus Shannon entropy analysis for encoded payloads. Files are classified as clean, suspicious, risky, or malicious with a 0\u2013100 risk score and assigned to one of 11 malware families (web shell, obfuscated loader, dropper, backdoor, etc.) with confidence levels. WordPress core files are additionally verified against official checksums from api.wordpress.org.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20a%20remediation%20breaks%20something%3F\"><h3>What happens if a remediation breaks something?<\/h3><\/dt>\n<dd><p>Every automated remediation stores full rollback data. You can reverse any change \u2014 restored files include original content and permissions, reversed options include the previous value, removed .htaccess rules are cleanly deleted. Manual remediations are tracked but not auto-reversible.<\/p><\/dd>\n<dt id=\"is%20it%20compatible%20with%20other%20security%20plugins%3F\"><h3>Is it compatible with other security plugins?<\/h3><\/dt>\n<dd><p>Yes. Aipatch focuses on auditing, scanning, and remediation \u2014 not request filtering. It coexists with firewalls like Wordfence, Sucuri, or Cloudflare without conflicts.<\/p><\/dd>\n<dt id=\"what%20is%20the%20mcp%20surface%3F\"><h3>What is the MCP surface?<\/h3><\/dt>\n<dd><p>MCP (Model Context Protocol) is the standard for AI agents to interact with tools. Aipatch exposes 23 structured abilities via the WordPress Abilities API, allowing AI agents to audit your site, scan for malware, verify core integrity, track findings over time, and apply fixes \u2014 all through typed, permissioned tool calls. 20 are read-only; only 3 modify site state.<\/p><\/dd>\n<dt id=\"what%20data%20does%20it%20store%3F\"><h3>What data does it store?<\/h3><\/dt>\n<dd><p>Audit findings, scan history, file baselines, scan results, remediation records, vulnerability cache, job state, hardening preferences, settings, and event logs \u2014 all in your WordPress database. Nothing leaves your server.<\/p><\/dd>\n<dt id=\"what%20php%20version%20does%20aipatch%20require%3F\"><h3>What PHP version does Aipatch require?<\/h3><\/dt>\n<dd><p>PHP 7.4 or higher. WordPress 6.5 or higher.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.0.2<\/h4>\n\n<ul>\n<li>MCP abilities now default to only <strong>aipatch\/audit-site<\/strong> enabled; additional abilities can be enabled from Settings.<\/li>\n<li>Fixed remediation <code>rename_file<\/code> path handling so destination paths can be new files (without requiring the destination to already exist).<\/li>\n<li>Updated <code>aipatch\/start-file-scan<\/code> ability to actually support the <code>root<\/code> input with strict validation inside WordPress root.<\/li>\n<li>Hardened file enumeration by disabling symlink traversal and skipping symlink entries.<\/li>\n<li>Added runtime and batch budgets to synchronous file scan execution to prevent unbounded scans.<\/li>\n<\/ul>\n\n<h4>2.0.1<\/h4>\n\n<ul>\n<li>Major architecture overhaul: modular audit engine with interface\/registry\/engine pattern.<\/li>\n<li>36 security checks (up from 12) across 8 categories including malware surface and access control.<\/li>\n<li>Weighted logarithmic scoring engine with per-area risk posture breakdown.<\/li>\n<li>Heuristic malware file scanner with 27 signatures and Shannon entropy check.<\/li>\n<li>Async job system for batch file scanning on shared hosting.<\/li>\n<li>File integrity baseline with origin detection (core, plugin, theme, upload).<\/li>\n<li>Persistent findings store with deduplication, automatic resolution, and dismissal tracking.<\/li>\n<li>Vulnerability intelligence caching layer with decorator pattern.<\/li>\n<li>One-click remediation engine with full rollback support (6 action types).<\/li>\n<li>23 MCP abilities via WordPress Abilities API for AI agent integration.<\/li>\n<li>WordPress core integrity verification against official api.wordpress.org checksums.<\/li>\n<li>Multi-layer scoring engine (content 55%, context 25%, integrity 20%) with 11 malware family classification.<\/li>\n<li>7 new database tables (9 total) for jobs, findings, baselines, scan results, vulnerability cache, and remediations.<\/li>\n<li>New audit checks: cookie security, backup files, phpinfo exposure, CORS, uploads index, login URL, database credentials.<\/li>\n<li>Hardening: added author scanning protection.<\/li>\n<li>Path traversal protection for all file operations.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Updated version metadata and packaging adjustments for WordPress.org review.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>Security dashboard with risk score.<\/li>\n<li>Local security scanner with 12 checks.<\/li>\n<li>Hardening module with 4 toggleable rules.<\/li>\n<li>Built-in vulnerability database.<\/li>\n<li>Security event logging.<\/li>\n<li>WordPress Site Health integration.<\/li>\n<li>REST API for plugin operations.<\/li>\n<li>Automatic scans via WP-Cron.<\/li>\n<\/ul>","raw_excerpt":"WordPress security scanner with 36 checks, malware scanning, core integrity verification, remediation, and 23 MCP abilities.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/296440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=296440"}],"author":[{"embeddable":true,"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/estebandezafra"}],"wp:attachment":[{"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=296440"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=296440"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=296440"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=296440"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=296440"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/zh-sg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=296440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}