{"id":330624,"date":"2026-07-10T08:38:46","date_gmt":"2026-07-10T08:38:46","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/maintenance-agent\/"},"modified":"2026-07-10T08:38:21","modified_gmt":"2026-07-10T08:38:21","slug":"kreiswolke-maintenance-agent-toolkit","status":"publish","type":"plugin","link":"https:\/\/az.wordpress.org\/plugins\/kreiswolke-maintenance-agent-toolkit\/","author":13656071,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0.1","requires":"5.6","requires_php":"7.4","requires_plugins":null,"header_name":"Kreiswolke Maintenance Agent Toolkit","header_author":"Kreiswolke","header_description":"Maintenance toolkit for WordPress: site stack reporting, backup integration, health checks, per-item rollback, and managed update execution. Standalone, or connected to the Kreiswolke control app.","assets_banners_color":"183253","last_updated":"2026-07-10 08:38:21","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/kreiswolke.com\/wp-maintenance-agent\/","header_author_uri":"https:\/\/kreiswolke.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":22,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"Basic777","date":"2026-07-10 08:38:21"}},"upgrade_notice":{"1.0.0":"<p>First public release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3602685,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3602685,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3602685,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3602685,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3602539,"resolution":"1","location":"assets","locale":"","width":1800,"height":2349},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3602539,"resolution":"2","location":"assets","locale":"","width":2377,"height":1635},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3602539,"resolution":"3","location":"assets","locale":"","width":2385,"height":1575},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3602539,"resolution":"4","location":"assets","locale":"","width":1800,"height":1015},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3602539,"resolution":"5","location":"assets","locale":"","width":1800,"height":959},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3602539,"resolution":"6","location":"assets","locale":"","width":1800,"height":1015}},"screenshots":{"1":"Hardening: 20 security and anti-bot protections, each with a plain-English explainer \u2014 all off by default, configured from wp-admin.","2":"Coming Soon and maintenance mode \u2014 animated splash with content and SEO controls, toggled instantly.","3":"Connect: link the site to the free companion app through a secure key \u2014 no admin password is ever entered.","4":"Optional free companion app \u2014 site overview with the agent's read-only assessment.","5":"Optional free companion app \u2014 full stack inventory with one-click update and rollback per item.","6":"Optional free companion app \u2014 uptime, response-time, and incident monitoring."}},"plugin_section":[],"plugin_tags":[151,732,10708,600,2550],"plugin_category":[52,54,59],"plugin_contributors":[270834],"plugin_business_model":[],"class_list":["post-330624","plugin","type-plugin","status-publish","hentry","plugin_tags-backup","plugin_tags-maintenance","plugin_tags-rollback","plugin_tags-security","plugin_tags-updates","plugin_category-performance","plugin_category-security-and-spam-protection","plugin_category-utilities-and-tools","plugin_contributors-basic777","plugin_committers-basic777"],"banners":{"banner":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/banner-772x250.png?rev=3602685","banner_2x":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/banner-1544x500.png?rev=3602685","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/icon-128x128.png?rev=3602685","icon_2x":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/icon-256x256.png?rev=3602685","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/screenshot-1.png?rev=3602539","caption":"Hardening: 20 security and anti-bot protections, each with a plain-English explainer \u2014 all off by default, configured from wp-admin."},{"src":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/screenshot-2.png?rev=3602539","caption":"Coming Soon and maintenance mode \u2014 animated splash with content and SEO controls, toggled instantly."},{"src":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/screenshot-3.png?rev=3602539","caption":"Connect: link the site to the free companion app through a secure key \u2014 no admin password is ever entered."},{"src":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/screenshot-4.png?rev=3602539","caption":"Optional free companion app \u2014 site overview with the agent's read-only assessment."},{"src":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/screenshot-5.png?rev=3602539","caption":"Optional free companion app \u2014 full stack inventory with one-click update and rollback per item."},{"src":"https:\/\/ps.w.org\/kreiswolke-maintenance-agent-toolkit\/assets\/screenshot-6.png?rev=3602539","caption":"Optional free companion app \u2014 uptime, response-time, and incident monitoring."}],"raw_content":"<!--section=description-->\n<p>Maintenance Agent keeps your WordPress sites updated, hardened, and recoverable \u2014 so staying current is no longer a risk or a chore. You get a complete maintenance toolkit: careful updates, security hardening, instant rollback, emergency recovery, anti-bot features and Coming Soon page.<\/p>\n\n<p>Drive it with your own AI assistant, manually, or through the free companion app \u2014 which adds the dashboards, manual controls and a specialized agent that runs the whole cycle based on dependencies and site history.<\/p>\n\n<h4>Protect and harden \u2014 via wp-admin or remote (FREE)<\/h4>\n\n<ul>\n<li>20 hardening and anti-bot features: security headers, HSTS, hide usernames, generic login errors, disable the file editor, force SSL on admin, block xmlrpc, block PHP execution in uploads, block sensitive files, honeypot URLs, bad-bot blocklist, directory listing off \u2014 and more. Each with a plain-English helper, all off by default.<\/li>\n<li>Login gate: protect your login with a PIN page that stops login-hammering bots before WordPress even boots (saves server resources).<\/li>\n<li>Every <code>.htaccess<\/code> change backed up automatically first, restorable in one click \u2014 plus an FTP kill-switch.<\/li>\n<li>Animated Coming Soon page and maintenance mode, configurable and SEO-aware.<\/li>\n<\/ul>\n\n<h4>Careful maintenance toolset \u2014 for agents and custom integrations (FREE)<\/h4>\n\n<ul>\n<li>Works with any MCP-capable AI assistant, your scripts, or CI. Registered with the WordPress Abilities API (WP 6.9+), standard Application Password auth.<\/li>\n<li>Full site stack and health reports: versions, every plugin and theme, update availability, recent errors.<\/li>\n<li>A lightweight health signal, readable any time: database reachable, recent fatals, free disk space, stalled cron, auto-disabled plugins, active cache layer.<\/li>\n<li>Point-in-time snapshot of every plugin, theme, core, and the database \u2014 taken before anything is touched.<\/li>\n<li>The building blocks for careful, one-at-a-time updates: update a single item, flush caches, run a health check \u2014 sequenced by whatever drives it (the app's agent, your script, or your AI assistant).<\/li>\n<li>Install, activate, deactivate, or remove any plugin or theme.<\/li>\n<li>Per-item restore: roll back only what broke \u2014 no full-site backup restore needed.<\/li>\n<li>Optional backup-plugin trigger (UpdraftPlus, BackWPup), cache flush, error-log tail.<\/li>\n<\/ul>\n\n<p>There is no AI inside the plugin itself \u2014 it is a deterministic toolkit. Intelligence lives in whatever you connect to it.<\/p>\n\n<h4>Dashboards and a specialized agent \u2014 via the companion app (FREE TIER)<\/h4>\n\n<ul>\n<li>The free plan is real and permanent (no credit card, no trial clock): one agent audit, 5 agent maintenance runs, 1 archived restore point, maintenance dashboards.<\/li>\n<li>Specialized agent with memory that runs the whole cycle: snapshot \u2192 reasoned dependency update order \u2192 verify each step \u2192 decides rollback if something breaks \u2192 reports.<\/li>\n<li>Dashboard with stack overview, health, pending updates, status, theme\/plugin installer, and more.<\/li>\n<li>Narrated, read-only first scan \u2014 see what the agent thinks of your site before anything is ever changed.<\/li>\n<li>Live run view (watch the agent do maintenance work), run history and reports, a Time Machine restore point, per-site notes.<\/li>\n<\/ul>\n\n<h4>More sites, scheduling, and monitoring \u2014 paid plans (optional)<\/h4>\n\n<p>The free plan runs the full agent and dashboards within a small monthly allowance. Paid plans lift the limits and add what matters once you manage more than one site:<\/p>\n\n<ul>\n<li>From a single site to a whole portfolio \u2014 more sites, more runs.<\/li>\n<li>Scheduling: a weekly maintenance rhythm per site, run unattended, reported back.<\/li>\n<li>Uptime, SSL and domain monitoring \u2014 external checks enriched with insider context (it knows which run touched the site and what changed).<\/li>\n<li>Cross-site installer: install, update, or harden plugins and themes across the whole fleet in one pass.<\/li>\n<li>Fleet-wide hardening \u2014 the security toolkit applied to many sites at once.<\/li>\n<li>Longer restore-point history, client reports under your agency branding, per-client routing.<\/li>\n<\/ul>\n\n<p>Pricing and the full comparison are on the website. The plugin never requires a paid plan \u2014 or any plan.<\/p>\n\n<h4>Why Maintenance Agent?<\/h4>\n\n<p>Updates should be careful, observable, and reversible. Most tools update everything at once and hope; this one is built the other way.<\/p>\n\n<ul>\n<li>It reasons before it acts: reads your stack, plans a dependency-aware order, updates one item at a time, verifies each step \u2014 then decides, per failure, whether to retry, skip, roll back, or stop.<\/li>\n<li>Everything is reversible: a snapshot before anything is touched, per-item rollback, and an emergency companion that recovers a site even when the site itself won't boot.<\/li>\n<li>Drive it your way: click it in the dashboard, ask the in-app assistant, or run it from your own AI assistant over MCP \u2014 the same safe operations, three ways in.<\/li>\n<li>Your data stays in the EU: hosted in Germany, GDPR-aligned with a data-processing agreement, credentials encrypted at rest, and onboarding that never asks for your admin password.<\/li>\n<\/ul>\n\n<p>Full features, screenshots, and pricing: https:\/\/kreiswolke.com\/wp-maintenance-agent\/<\/p>\n\n<h3>External services<\/h3>\n\n<p><strong>1. The Kreiswolke companion app (optional, opt-in only)<\/strong><\/p>\n\n<p>The plugin contacts the companion app <strong>only if you explicitly connect your site<\/strong> (a \"Connect\" action in the plugin's settings). Without connecting, the plugin sends nothing anywhere.<\/p>\n\n<p>When you connect:<\/p>\n\n<ul>\n<li>The connection is established through a consent screen on the app. During pairing, the site URL and cryptographic public keys are exchanged, and a standard WordPress Application Password is created for the app \u2014 after you accept the terms on the consent screen.<\/li>\n<li>A connected app can then read the site reports described above and perform the maintenance operations you authorize (updates, rollback, hardening configuration), authenticated by that Application Password plus a per-site request signature.<\/li>\n<li>The plugin itself initiates only one outgoing call: if the plugin is disconnected, deactivated with disconnect, or deleted, it sends a short, best-effort notification to the app \u2014 containing the event name, the site URL, and the pairing identifier \u2014 so the app stops treating the site as managed. No other data is in that call.<\/li>\n<li>You can disconnect at any time from the plugin's settings; uninstalling removes the credentials on the site (and revokes the Application Password).<\/li>\n<\/ul>\n\n<p>Service provider: Kreiswolke\nTerms of service: https:\/\/kreiswolke.com\/terms\/\nPrivacy policy: https:\/\/kreiswolke.com\/privacy-policy\/<\/p>\n\n<p><strong>2. api.wordpress.org<\/strong><\/p>\n\n<p>Site stack reports enrich plugin information (latest version, last-updated date, requirements) through WordPress core's own <code>plugins_api()<\/code> \u2014 the same wordpress.org API your site already uses for the update screen.<\/p>\n\n<p><strong>3. Requests to your own site<\/strong><\/p>\n\n<p>Several features fetch a URL <strong>on your own site<\/strong> (never a third party): the post-update health check (pinned to your site's address), the webserver-detection probe, the login-gate self-test, and a one-time compatibility probe before writing an <code>ErrorDocument<\/code> rule. These are loopback self-checks, listed here so they are not mistaken for external calls.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"can%20i%20use%20this%20with%20my%20own%20ai%20assistant%20or%20scripts%3F\"><h3>Can I use this with my own AI assistant or scripts?<\/h3><\/dt>\n<dd><p>Yes \u2014 that's what it's designed for. Every capability is a REST endpoint, registered with the WordPress Abilities API (WP 6.9+), so any MCP-capable client you trust \u2014 or plain curl \u2014 can discover and use them. Authentication is a standard WordPress Application Password; destructive operations are snapshot-first with on-disk verification. The plugin is useful to humans and to whatever tooling you already run.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20work%20without%20the%20companion%20app%3F\"><h3>Does the plugin work without the companion app?<\/h3><\/dt>\n<dd><p>Yes, fully. The app adds orchestration (the maintenance agent, scheduling, multi-site dashboards, reports); the plugin alone gives you the reports, rollback, careful updates, and hardening on a single site.<\/p><\/dd>\n<dt id=\"does%20it%20send%20my%20data%20anywhere%3F\"><h3>Does it send my data anywhere?<\/h3><\/dt>\n<dd><p>Not unless you connect it to the companion app, and then only as described under \"External services\". There is no telemetry, no tracking, no phone-home.<\/p><\/dd>\n<dt id=\"why%20does%20it%20install%20an%20mu-plugin%3F\"><h3>Why does it install an MU-plugin?<\/h3><\/dt>\n<dd><p>The emergency companion exists for exactly one scenario: a failed update breaks the main plugin (or the site), and you still need the heartbeat, the maintenance splash, and the restore tools to work. A regular plugin can't promise that \u2014 an MU-plugin can. It is written atomically (no half-written file can white-screen a site), updated only on activation\/version change, and removed on uninstall.<\/p><\/dd>\n<dt id=\"why%20does%20it%20write%20to%20.htaccess%3F\"><h3>Why does it write to .htaccess?<\/h3><\/dt>\n<dd><p>Only when you enable an Apache-level hardening feature, and only inside one clearly marked block. The plugin backs up your <code>.htaccess<\/code> before every change, offers one-click restore, ships a kill-switch (create one file via FTP and all rules turn off), and removes the block fully on deactivation\/uninstall. Blocking at the webserver is the point of these features: the request is rejected before PHP starts.<\/p><\/dd>\n<dt id=\"what%20is%20the%20login%20gate%2C%20and%20can%20it%20lock%20me%20out%3F\"><h3>What is the login gate, and can it lock me out?<\/h3><\/dt>\n<dd><p>The gate puts a small PIN page in front of <code>wp-login.php<\/code>. It was built after watching bots hammer login pages on real servers: every attempt boots PHP, WordPress, and the database \u2014 a WordPress-layer rate limiter still pays that cost on each hit. The gate stops those requests at the webserver, before WordPress runs; bot\/load protection is the primary purpose, the added login secrecy is a bonus. It is opt-in, requires a PIN before it can be enabled, and is built to fail open: if the plugin is removed by any means, the rule disables itself; a kill-switch file disables it instantly; logout\/password-reset URLs are never blocked.<\/p><\/dd>\n<dt id=\"why%20does%20the%20code%20contain%20base64%2C%20unserialize%2C%20and%20error%20handlers%3F\"><h3>Why does the code contain base64, unserialize, and error handlers?<\/h3><\/dt>\n<dd><p>base64 encodes\/decodes Ed25519 signature material and HTTP Basic auth \u2014 both are binary-to-text transports, not obfuscation; every site is commented. The single <code>unserialize()<\/code> reads WordPress's own Application Passwords usermeta and is hardened with <code>allowed_classes =&gt; false<\/code>. The error handler and shutdown hooks feed the plugin's own error log and let a restore endpoint return structured JSON even if a fatal occurs; the handler returns <code>false<\/code> so PHP's normal error flow is untouched.<\/p><\/dd>\n<dt id=\"does%20it%20work%20on%20nginx%3F\"><h3>Does it work on nginx?<\/h3><\/dt>\n<dd><p>Everything except the Apache-level rules, which are detected as not applicable; for each, the plugin shows an equivalent nginx snippet to paste into your server config instead of pretending it worked.<\/p><\/dd>\n<dt id=\"is%20there%20ai%20in%20the%20plugin%3F\"><h3>Is there AI in the plugin?<\/h3><\/dt>\n<dd><p>No. The plugin is a deterministic toolkit \u2014 predictable, inspectable, no model calls. AI-assisted planning happens in the optional companion app, server-side, only for connected sites.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release.<\/li>\n<li>Pre-update snapshot and per-item rollback for plugins, themes, core, and the database, with an archive of recent runs.<\/li>\n<li>Security and anti-bot hardening toolkit \u2014 security headers, xmlrpc \/ sensitive-file \/ author-enum protection, block PHP execution in uploads, optional PIN login gate \u2014 with automatic .htaccess backups and an FTP kill-switch.<\/li>\n<li>Site stack and health reporting; one-at-a-time updates with per-step health checks; cache flush; error-log tail.<\/li>\n<li>Animated Coming Soon page and maintenance mode.<\/li>\n<li>Registered with the WordPress Abilities API (WP 6.9+) so MCP-capable assistants can discover the tools.<\/li>\n<li>Optional, consent-based pairing with the Kreiswolke companion app for orchestrated multi-site maintenance.<\/li>\n<\/ul>","raw_excerpt":"The agent&#039;s toolkit for remote &amp; safe WordPress maintenance: snapshots, updates, stack management, health checks, rollbacks, recovery, and hardening","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/330624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=330624"}],"author":[{"embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/basic777"}],"wp:attachment":[{"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=330624"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=330624"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=330624"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=330624"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=330624"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=330624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}