=== Rabbit SEO === Contributors: rabbitseo Tags: seo, rabbitseo, optimization, application password, rest api Requires at least: 5.6 Tested up to: 7.0 Requires PHP: 7.4 Stable tag: 1.2.2 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Connect WordPress to Rabbit SEO with an embedded workspace, Application Password connection, and REST API access. == Description == Rabbit SEO links your WordPress site to [Rabbit SEO](https://www.rabbitseo.com) so you can: * Open the Rabbit SEO workspace inside WordPress Admin (account created automatically from your WP admin email) * Automatically embed the Rabbit SEO frontend script using your website GUID * Allow Rabbit SEO to read pages and posts over the WordPress REST API * Push site snapshots for audits when Cloudflare blocks public crawlers This plugin never asks for your main WordPress login password. When you connect, it creates a WordPress Application Password named "Rabbit SEO" and sends it once to Rabbit SEO over HTTPS. == Installation == 1. Install **Rabbit SEO** from Plugins → Add New, or upload the ZIP. 2. Activate the plugin. 3. Open the **Rabbit SEO** menu — the workspace loads in this window and creates or opens your account. 4. Complete welcome onboarding (3 cards). 5. Click **Connect WordPress** inside the workspace (required for Auto Fix, publish, and Cloudflare-safe page audits). 6. Approve the connection — the plugin then pushes a site snapshot so Rabbit SEO can optimize without public scraping. You can also start from rabbitseo.com: Install plugin → Connect → Approve in WordPress Admin. Both directions use the same connection. Local development tip: define `RABBITSEO_APP_BASE_URL` in `wp-config.php` (for example `http://localhost:8080`) to point at a local Rabbit SEO server. == Privacy / data disclosure == When you open the workspace, Rabbit SEO receives your WordPress admin email and site URL to create or log in your account. After you approve the Application Password connection, Rabbit SEO also receives: * Site URL, home URL, REST API URL * WordPress username * One-time Application Password (stored encrypted by Rabbit SEO; never saved by this plugin) * Website GUID, WordPress version, plugin version, connection ID * Snapshot HTML for connected pages (outbound from your WordPress server) for Cloudflare-safe audits This plugin stores only non-secret connection metadata locally (GUID, connection ID, Application Password UUID, script settings). Your main WordPress password is never requested or stored. == Frequently Asked Questions == = Why do I need HTTPS? = WordPress Application Passwords require a secure environment on production sites. = Why is Connect required? = Connect links Rabbit SEO to your site with an Application Password and enables snapshot sync. Without it, Cloudflare or bot protection can block public page scans. Connect is required for Auto Fix, publishing, and reliable audits. = Does this overwrite Yoast / Rank Math / AIOSEO? = No. Rabbit SEO metadata is stored under `_rabbitseo_*` keys and does not silently overwrite third-party SEO plugin fields. = Can I disable the script without disconnecting? = Yes. Use the script checkbox on the Rabbit SEO admin page. == Changelog == = 1.2.2 = * Connect is required (not optional) for Auto Fix, publish, and Cloudflare-safe snapshot audits. * Clearer WordPress Admin messaging and install steps for Connect → Approve → Sync. * Direct plugin-information install deep link from Rabbit SEO (exact slug, one Install Now). = 1.2.1 = * Signed iframe login when already connected (HMAC with per-site shared secret). * Safer soft-create path for first install. = 1.2.0 = * Plugin-first workspace: embed Rabbit SEO in WordPress Admin (no new window). * Auto-register / login from the current WordPress admin email and site URL. * Compact WordPress connection strip for App Password sync controls. = 1.1.0 = * Outbound site snapshot sync to Rabbit SEO (HMAC signed) for Cloudflare-safe audits. * Sync now control, daily safety sync, and publish/update/delete incremental updates. * Snapshot shared secret established during Approve and Connect. = 1.0.0 = * Initial production release. * Secure Application Password connection flow. * Frontend script embed with approved CDN allowlist. * REST read endpoints for status, pages, and SEO metadata. == Upgrade Notice == = 1.2.2 = Connect WordPress from the workspace after install so Auto Fix and Cloudflare-safe audits work.