WP Maintenance Manager

May 26, 2026 Engineering Notes

Sweeping i18n leaks with four parallel AI agents — from 300 candidates down to 60 real bugs

For any app past a certain size that’s gone bilingual, the question “how much hardcoded Japanese is still hiding in our repo?” never quite goes away. A naive grep for [ぁ-んァ-ヶ一-龯] returns thousands of hits, and the vast majority are inside translation tables, already-branched code, or comments. The real leaks are buried. For one cleanup pass we attacked this with four parallel AI investigation agents plus AST-based false-positive filtering. The result: ~300 candidates detected → ~60 real leaks → cleaned up across five rounds. This post walks through the flow and the most interesting bug it uncovered — paying English users had been getting Japanese email from the Stripe webhook …

May 24, 2026 WordPress Maintenance

When SSH commands hit a csh login shell — wrapping every command in /bin/sh -c across the codebase

One day a user reported an oddly asymmetric bug. In the “add new site” modal, picking an SSH profile and clicking “auto-detect WordPress install path” always failed with “no path found.” But clicking the WP-CLI path test button on the same SSH connection worked fine. Same credentials, same host — one succeeded, the other failed. Tracing it down, the culprit was an old foe: csh / bash incompatibility on the server side. This post walks through the fix, sweeping the same bug across the rest of the codebase, and the static-analysis test we added to keep it from coming back. The smoking gun — find: 2: unknown primary or operator …

May 24, 2026 Engineering Notes

Building a cache-first dashboard — explicit fetch and a closes-but-keeps-running notice

When we shipped a cross-site dashboard in v1.6.2 — a single view that shows plugin-update status across multiple WordPress sites — we hit a UX wall almost immediately. Opening the dashboard meant waiting 24.5 seconds, every time. And the wait got longer as more sites were added. A user put it bluntly: “It launches a heavy operation the moment I open it. I wasn’t mentally prepared for that.” This post walks through the slightly unusual async-UX combination we landed on for that page — cache-first display, explicit fetch, and a “closes-but-keeps-running” notice. What was eating the time Under the hood, the dashboard was running parallel SSH scans against every connected …

May 23, 2026 WordPress Maintenance

Connection architectures for WordPress maintenance tools — mapping four products on a two-axis grid

While writing the comparison pages for ManageWP, MainWP, WP Umbrella, and InfiniteWP on our LP, I tried to line up the four products under a single “connection method” column — and got stuck. The same ManageWP gets called a “Hosted SaaS tool” in one source, a “Worker plugin tool” in another, and a “self-hosted” tool in yet another. On closer look, these labels are mixing two distinct axes into one column. Once you separate them, the four products fit cleanly into a two-axis, six-cell grid. This post lays out that grid and walks through what each cell means for day-to-day operations. Axis 1 — What gets installed on the client …

May 22, 2026 Engineering Notes

Hub-and-spoke SEO for comparison pages — fielding ‘alternative’ search intent from multiple angles

The WordPress maintenance space has several decade-old incumbents — ManageWP, MainWP, WP Umbrella, InfiniteWP. Building a new entrant means inevitably fielding queries like “ManageWP alternative” and “WordPress maintenance tools comparison” — search intent that names a competitor or the category itself. To handle that intent carefully, the LP runs a hub-and-spoke comparison structure. Here’s how it’s built and why. What hub-and-spoke means A hub-and-spoke pattern places one central page (the hub) and multiple related sub-pages (spokes) in a radial arrangement. The naming follows airline hub airports: the hub is the overview, the spokes are the per-item deep dives. In an SEO context, that maps neatly onto search intent: broad overview …

May 22, 2026 WordPress Maintenance

Playwright versus WordPress’s ‘admin email confirmation’ screen — how automation can clear the 6-month gate

If you drive the WordPress admin via Playwright for long enough, one day a screen you’ve never seen before will appear after login, and everything downstream stops working. Is admin@example.com still the correct admin email address? [ Yes, the email is correct ] [ Change the address ] That’s WordPress’s admin email confirmation screen. Roughly every six months, after the admin user logs in, this confirmation screen gets injected — standard behavior since WP 4.9. A human just clicks once. An automation script can’t see it without explicit handling. Why automation gets stuck A straightforward Playwright login looks like: page.fill(‘#user_login’, user) page.fill(‘#user_pass’, pwd) page.click(‘input[type="submit"]’) page.wait_for_load_state(‘domcontentloaded’) # Assumes we’re on the …

May 20, 2026 WordPress Maintenance

When WP admin shows a plugin update but WP-CLI doesn’t — making automation see proprietary updaters

You open the “Updates” page in WordPress admin and see that Elementor Pro / ACF Pro / vk-blocks-pro have updates available. Then you run wp plugin update –all from your automation, and those exact plugins don’t update. The asymmetry — “the admin sees it; WP-CLI doesn’t” — traces back to how WordPress detects updates and how premium plugins layer proprietary update mechanisms on top of that. Here’s the mechanism and how an automation tool can adapt. WordPress update detection is held by a transient cache WordPress doesn’t decide “is there an update?” on every request. It caches the answer in the wp_options table as a transient, valid for up to …

May 20, 2026 WordPress Maintenance

Solving ‘Permissions are too open’ from inside the app — auto-diagnosing and auto-fixing SSH key permissions

Almost every user new to SSH hits this wall: WARNING: UNPROTECTED PRIVATE KEY FILE! Permissions 0644 for ‘/Users/…/id_rsa.pem’ are too open. This private key will be ignored. They placed the key in ~/.ssh/, entered the path into the SSH settings, and clicked Connect — only to see this. The fix is a single command (chmod 600 ~/.ssh/id_rsa.pem), which is obvious to anyone familiar with SSH but the biggest stumbling block for users who don’t open a terminal. Here’s the design behind solving this inside the app — diagnose, confirm, then auto-fix — and how the phases broke out. Why OpenSSH demands 0600 OpenSSH (and paramiko, which mirrors the same check …

May 20, 2026 WordPress Maintenance

‘not a valid OPENSSH private key file’ — building a compat layer for seven SSH private-key formats

If you wire SSH into WordPress maintenance automation, you’ll meet this error sooner or later: SSHException: not a valid OPENSSH private key file “I configured the key file — why?” is the usual reaction. Tracing several real SSH-connection-test failures, the root issue becomes clear: paramiko alone can’t read SSH private keys outside the OpenSSH format. In production, hosting providers and key-generation tools produce different formats, and paramiko’s standard loader rejects many of them. Here’s the design of a “seven-format compat loader” we built to handle this. Far more SSH key formats than you’d guess “SSH key” usually conjures up —–BEGIN OPENSSH PRIVATE KEY—–, but in practice the keys you receive …

May 19, 2026 WordPress Maintenance

Renaming a site without losing its data — separating display name from a stable identifier

A client asks you to rename a site from acme-staging to the production name acme. The moment you rename it in the app, the DB backups, screenshots, and thumbnails you had been collecting all appear to disappear. The files are still on disk, but the new directory is empty. The data hasn’t carried over as “the same site.” It’s a trap you can fall into on day one, and we did — with our original design. Here’s how we redesigned things so renames don’t orphan data. Why the data appears to disappear — the site name was the key The original design of WP Maintenance Manager decided file locations based …