{"id":298697,"date":"2026-04-29T04:57:09","date_gmt":"2026-04-29T04:57:09","guid":{"rendered":"https:\/\/vi.wordpress.org\/plugins\/siteops\/"},"modified":"2026-06-12T10:03:51","modified_gmt":"2026-06-12T10:03:51","slug":"sitevorx","status":"publish","type":"plugin","link":"https:\/\/pt-ao.wordpress.org\/plugins\/sitevorx\/","author":20572425,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.2.4","stable_tag":"1.2.4","tested":"7.0","requires":"5.5","requires_php":"7.4","requires_plugins":null,"header_name":"Sitevorx","header_author":"iNET","header_description":"All-in-one WordPress toolkit for optimization, security, SMTP, disk cleanup, and maintenance monitoring.","assets_banners_color":"","last_updated":"2026-06-12 10:03:51","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/inet.vn","rating":5,"author_block_rating":0,"active_installs":0,"downloads":522,"num_ratings":2,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"inetcorp","date":"2026-04-29 06:02:13"},"1.0.3":{"tag":"1.0.3","author":"inetcorp","date":"2026-04-29 06:21:54"},"1.0.4":{"tag":"1.0.4","author":"inetcorp","date":"2026-05-05 01:41:29"},"1.0.5":{"tag":"1.0.5","author":"inetcorp","date":"2026-05-05 08:55:53"},"1.0.6":{"tag":"1.0.6","author":"inetcorp","date":"2026-05-05 09:46:06"},"1.0.7":{"tag":"1.0.7","author":"inetcorp","date":"2026-05-05 10:00:06"},"1.1.0":{"tag":"1.1.0","author":"inetcorp","date":"2026-05-15 06:58:44"},"1.2.1":{"tag":"1.2.1","author":"inetcorp","date":"2026-05-25 08:09:46"},"1.2.3":{"tag":"1.2.3","author":"inetcorp","date":"2026-06-09 07:05:29"},"1.2.4":{"tag":"1.2.4","author":"inetcorp","date":"2026-06-12 10:03:51"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":2},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3517991,"resolution":"128x128","location":"assets","locale":"","width":1024,"height":1024},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3517991,"resolution":"256x256","location":"assets","locale":"","width":1024,"height":1024}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.1.0","1.2.1","1.2.3","1.2.4"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[3786,732,187,600,6696],"plugin_category":[41,52,54],"plugin_contributors":[261342],"plugin_business_model":[],"class_list":["post-298697","plugin","type-plugin","status-publish","hentry","plugin_tags-cleanup","plugin_tags-maintenance","plugin_tags-optimization","plugin_tags-security","plugin_tags-smtp","plugin_category-communication","plugin_category-performance","plugin_category-security-and-spam-protection","plugin_contributors-inetcorp","plugin_committers-inetcorp"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/sitevorx\/assets\/icon-128x128.png?rev=3517991","icon_2x":"https:\/\/ps.w.org\/sitevorx\/assets\/icon-256x256.png?rev=3517991","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Sitevorx<\/strong> is a lightweight, all-in-one WordPress plugin that helps you optimize performance, harden security, and manage your website from a single, modern dashboard. No bloat, no external dependencies \u2014 just the tools you need.<\/p>\n\n<h4>Security Center (NEW in 1.1.0)<\/h4>\n\n<ul>\n<li><strong>Security Score Dashboard<\/strong>: A single 0\u2013100 score that summarizes the hardening state of your site, with prioritized recommendations.<\/li>\n<li><strong>Core Integrity Checker<\/strong>: Compares every WordPress core file against the official <code>api.wordpress.org<\/code> MD5 checksums to detect modified, missing, or extra files.<\/li>\n<li><strong>HTTP Security Headers<\/strong>: One-click enable <code>X-Content-Type-Options<\/code>, <code>X-Frame-Options<\/code>, <code>Referrer-Policy<\/code>, and <code>Permissions-Policy<\/code> on the frontend.<\/li>\n<li><strong>Login Honeypot<\/strong>: Invisible bait field on <code>wp-login.php<\/code> that silently rejects spam bots without affecting real users.<\/li>\n<li><strong>User Enumeration Protection<\/strong>: Blocks <code>?author=N<\/code> probing and the public REST <code>\/wp\/v2\/users<\/code> endpoint for non-logged-in visitors.<\/li>\n<li><strong>Login Notification<\/strong>: Emails the administrator whenever an account with <code>manage_options<\/code> logs in successfully (1-hour cooldown per IP).<\/li>\n<li><strong>Login Attempt Limiter<\/strong>: Lock out IPs after repeated failed login attempts, with configurable threshold, lockout duration, and IP allowlist.<\/li>\n<li><strong>Secret Login URL<\/strong>: Hide the default <code>wp-login.php<\/code> behind a custom keyword.<\/li>\n<li><strong>Google reCAPTCHA v2 \/ v3<\/strong>: Protect the login form from bots, with a configurable v3 score threshold.<\/li>\n<li><strong>Disable XML-RPC<\/strong> and <strong>Disable File Editor<\/strong>: Block DDoS \/ brute-force vectors and stop code editing from the dashboard.<\/li>\n<\/ul>\n\n<h4>Speed Optimization<\/h4>\n\n<ul>\n<li><strong>Heartbeat Throttle<\/strong>: Slows the Heartbeat API to 60 seconds instead of disabling it, preserving autosave and post-locking.<\/li>\n<li><strong>System Tweaks<\/strong>: Lazy load images, limit post revisions, allow safe SVG uploads (with XXE-hardened sanitizer).<\/li>\n<li><strong>Database Cleanup<\/strong>: Remove revisions, spam comments, and expired transients in one click.<\/li>\n<li><strong>Malware Scanner<\/strong>: Scan your entire codebase and database for suspicious injections.<\/li>\n<\/ul>\n\n<h4>SMTP Configuration<\/h4>\n\n<ul>\n<li>Send emails via <strong>Gmail<\/strong> (App Password) or a <strong>custom SMTP server<\/strong> (SSL\/TLS).<\/li>\n<li>Built-in <strong>Test Email<\/strong> sender.<\/li>\n<li>Email delivery log with success\/failure tracking.<\/li>\n<li>Force From Name and From Email to prevent address drift.<\/li>\n<\/ul>\n\n<h4>Website Utilities<\/h4>\n\n<ul>\n<li>Inject tracking codes in <strong>Header\/Footer<\/strong> (Google Analytics, Facebook Pixel, etc.).<\/li>\n<li><strong>Content Protection<\/strong>: Disable right-click, text selection, and drag-and-drop.<\/li>\n<li><strong>Maintenance Mode<\/strong>: Display a professional \"under construction\" page to visitors.<\/li>\n<li><strong>Custom Login Logo<\/strong>: Replace the WordPress logo on the login screen with your own brand.<\/li>\n<\/ul>\n\n<h4>Disk Space Manager<\/h4>\n\n<ul>\n<li>Recursively scan your hosting for large files (&gt;50 MB).<\/li>\n<li>Auto-categorize files (backups, error logs, large media).<\/li>\n<li>Bulk delete to free up disk space instantly.<\/li>\n<\/ul>\n\n<h4>Floating Contact Buttons<\/h4>\n\n<ul>\n<li><strong>Phone Hotline<\/strong> button with animated icon.<\/li>\n<li><strong>Zalo<\/strong> chat button (auto-opens Zalo app).<\/li>\n<li><strong>Messenger<\/strong> chat button (m.me deep link).<\/li>\n<li>Fully responsive floating widget in the corner of your site.<\/li>\n<\/ul>\n\n<h4>Import \/ Export Settings<\/h4>\n\n<ul>\n<li><strong>Export<\/strong> all Sitevorx settings as a JSON file.<\/li>\n<li><strong>Import<\/strong> settings from another site in one click.<\/li>\n<li><strong>Reset<\/strong> all settings to factory defaults.<\/li>\n<\/ul>\n\n<h4>Scheduled Cleanup (WP-Cron)<\/h4>\n\n<ul>\n<li>Automatic cleanup: daily, twice daily, or weekly.<\/li>\n<li>Clears temp files, auto-drafts, spam, and optimizes database tables.<\/li>\n<li>Activity log showing the last 20 cleanup runs.<\/li>\n<\/ul>\n\n<h4>Maintenance &amp; Update Monitor<\/h4>\n\n<ul>\n<li>Track plugins and themes that need updating.<\/li>\n<li>Check WordPress core, PHP version, SSL status, and WP_DEBUG.<\/li>\n<li>Maintenance health score with actionable recommendations.<\/li>\n<\/ul>\n\n<h4>Server Info<\/h4>\n\n<ul>\n<li>View Web Server, PHP, MySQL, and WordPress versions at a glance.<\/li>\n<li>PHP limits: memory, execution time, input vars, upload size.<\/li>\n<li>List all loaded PHP extensions.<\/li>\n<li>Database size monitoring.<\/li>\n<\/ul>\n\n<h3>External Services<\/h3>\n\n<h4>Google reCAPTCHA (v2 and v3)<\/h4>\n\n<p>Sitevorx can optionally integrate with Google reCAPTCHA (v2 checkbox or v3 invisible \/ score-based) to protect the WordPress login form. This feature is disabled by default and only works when an administrator explicitly enables it, selects a version, and provides valid Google-issued API keys.<\/p>\n\n<p>When enabled, the plugin loads the Google reCAPTCHA JavaScript on the login screen and sends the generated verification token to Google's verification endpoint (<code>https:\/\/www.google.com\/recaptcha\/api\/siteverify<\/code>) during login validation. For v3, the configurable score threshold (filter <code>sitevorx_recaptcha_v3_score_threshold<\/code>, default <code>0.5<\/code>) is compared against Google's returned score.<\/p>\n\n<p>This service is provided by Google:\n* Service URL: https:\/\/www.google.com\/recaptcha\/\n* Verification endpoint: https:\/\/www.google.com\/recaptcha\/api\/siteverify\n* Terms of Service: https:\/\/policies.google.com\/terms\n* Privacy Policy: https:\/\/policies.google.com\/privacy<\/p>\n\n<h4>WordPress.org Core Checksums API<\/h4>\n\n<p>The <strong>Security Center \u2192 Ki\u1ec3m Tra To\u00e0n Di\u1ec7n \u2192 WordPress Core Integrity<\/strong> check (off by default; runs only when the admin clicks \"Ki\u1ec3m tra\") fetches the official MD5 checksums for the installed WordPress version from WordPress.org so it can flag modified or missing core files.<\/p>\n\n<ul>\n<li>Verification endpoint: https:\/\/api.wordpress.org\/core\/checksums\/1.0\/<\/li>\n<li>Request payload: only the installed WordPress version string (e.g. <code>6.4.2<\/code>) and the locale <code>en_US<\/code>. No site URL, user data, or content is sent.<\/li>\n<li>Operated by: WordPress.org<\/li>\n<li>Terms of Service: https:\/\/wordpress.org\/about\/privacy\/<\/li>\n<\/ul>\n\n<h3>Highlights<\/h3>\n\n<ul>\n<li><strong>All-in-one<\/strong>: Replaces 5-7 single-purpose plugins (SMTP, Security, Optimization, Cleanup, Maintenance).<\/li>\n<li><strong>Modern UI<\/strong>: Gradient banners, collapsible sidebar, toast notifications, fully responsive.<\/li>\n<li><strong>Secure by design<\/strong>: Nonce verification, input sanitization, CSRF protection, prepared database queries.<\/li>\n<li><strong>Lightweight<\/strong>: Modular architecture \u2014 only loads what you use. Zero frontend impact. No Composer or NPM required.<\/li>\n<li><strong>Localized<\/strong>: Full Vietnamese (vi) translation included via .po\/.mo files.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>sitevorx<\/code> folder to <code>\/wp-content\/plugins\/<\/code>, or install the ZIP file via <strong>Plugins &gt; Add New &gt; Upload Plugin<\/strong>.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu in WordPress.<\/li>\n<li>Navigate to the <strong>Sitevorx<\/strong> menu item in your admin sidebar.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20conflict%20with%20wp%20mail%20smtp%3F\"><h3>Does this plugin conflict with WP Mail SMTP?<\/h3><\/dt>\n<dd><p>Yes, both plugins hook into <code>phpmailer_init<\/code>. We recommend deactivating other SMTP plugins before using Sitevorx's built-in SMTP module.<\/p><\/dd>\n<dt id=\"does%20it%20detect%20real%20ips%20behind%20cloudflare%3F\"><h3>Does it detect real IPs behind Cloudflare?<\/h3><\/dt>\n<dd><p>Yes. Sitevorx reads the <code>CF-Connecting-IP<\/code> header to identify the real visitor IP behind Cloudflare's proxy.<\/p><\/dd>\n<dt id=\"i%20forgot%20my%20secret%20login%20url.%20how%20do%20i%20get%20back%20in%3F\"><h3>I forgot my secret login URL. How do I get back in?<\/h3><\/dt>\n<dd><p>Open phpMyAdmin (or any database tool), find the <code>wp_options<\/code> table, and delete the row where <code>option_name<\/code> is <code>sitevorx_sec_login_key<\/code>. Then access <code>\/wp-login.php<\/code> as usual.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.2.4<\/h4>\n\n<ul>\n<li><strong>Fixed (Email): m\u1ea5t to\u00e0n b\u1ed9 email sau khi \u0111\u1ed5i m\u00e1y ch\u1ee7 \/ \u0111\u1ed5i kh\u00f3a b\u1ea3o m\u1eadt.<\/strong> Khi <code>AUTH_KEY<\/code>\/salt thay \u0111\u1ed5i (th\u01b0\u1eddng g\u1eb7p l\u00fac chuy\u1ec3n hosting), m\u1eadt kh\u1ea9u SMTP \u0111\u00e3 m\u00e3 h\u00f3a kh\u00f4ng gi\u1ea3i m\u00e3 \u0111\u01b0\u1ee3c \u2014 b\u1ea3n c\u0169 v\u1eabn l\u1ea5y chu\u1ed7i m\u00e3 h\u00f3a l\u00e0m m\u1eadt kh\u1ea9u n\u00ean m\u1ecdi <code>wp_mail<\/code> (\u0111\u1eb7t l\u1ea1i m\u1eadt kh\u1ea9u, \u0111\u01a1n h\u00e0ng WooCommerce\u2026) th\u1ea5t b\u1ea1i \u00e2m th\u1ea7m. Nay t\u1ef1 nh\u1eadn di\u1ec7n l\u1ed7i gi\u1ea3i m\u00e3, t\u1ea1m g\u1eedi b\u1eb1ng <code>mail()<\/code> m\u1eb7c \u0111\u1ecbnh v\u00e0 hi\u1ec7n c\u1ea3nh b\u00e1o trong admin \u0111\u1ec3 nh\u1eadp l\u1ea1i m\u1eadt kh\u1ea9u.<\/li>\n<li><strong>Fixed (B\u1ea3o m\u1eadt): kh\u00f4ng c\u00f2n t\u1ef1 kh\u00f3a ch\u00ednh m\u00ecnh khi b\u1eadt c\u00f9ng l\u00fac \"Kh\u00f3a IP\" + reCAPTCHA.<\/strong> Tr\u01b0\u1edbc \u0111\u00e2y l\u1ed7i reCAPTCHA (m\u1ea1ng ch\u1eadm \/ tr\u00ecnh ch\u1eb7n qu\u1ea3ng c\u00e1o) ho\u1eb7c b\u1eaby honeypot c\u0169ng b\u1ecb t\u00ednh v\u00e0o s\u1ed1 l\u1ea7n \u0111\u0103ng nh\u1eadp sai \u2192 admin nh\u1eadp \u0111\u00fang m\u1eadt kh\u1ea9u v\u1eabn b\u1ecb kh\u00f3a t\u1edbi 24h. Nay ch\u1ec9 \u0111\u1ebfm l\u1ea7n nh\u1eadp sai th\u00f4ng tin \u0111\u0103ng nh\u1eadp th\u1eadt.<\/li>\n<li><strong>Added: ch\u1ec9nh S\u1ed1 l\u1ea7n sai t\u1ed1i \u0111a \/ Th\u1eddi gian kh\u00f3a \/ Danh s\u00e1ch IP mi\u1ec5n kh\u00f3a<\/strong> ngay trong Trung T\u00e2m B\u1ea3o M\u1eadt (tr\u01b0\u1edbc \u0111\u00e2y c\u00e1c th\u00f4ng s\u1ed1 n\u00e0y k\u1eb9t \u1edf m\u1eb7c \u0111\u1ecbnh 5 l\u1ea7n \/ 24 gi\u1edd v\u00ec kh\u00f4ng c\u00f3 giao di\u1ec7n ch\u1ec9nh).<\/li>\n<li><strong>Fixed (Qu\u00e9t m\u00e3 \u0111\u1ed9c): kh\u00f4ng c\u00f2n b\u00e1o \"An to\u00e0n\" khi m\u1edbi qu\u00e9t \u0111\u01b0\u1ee3c m\u1ed9t ph\u1ea7n.<\/strong> Tr\u00ean site l\u1edbn, l\u01b0\u1ee3t qu\u00e9t d\u1eebng \u1edf gi\u1edbi h\u1ea1n 30 gi\u00e2y nay hi\u1ec7n r\u00f5 \"Qu\u00e9t ch\u01b0a ho\u00e0n t\u1ea5t \u2014 h\u00e3y qu\u00e9t l\u1ea1i\" thay v\u00ec k\u1ebft lu\u1eadn an to\u00e0n nh\u1ea7m.<\/li>\n<li><strong>Fixed (HSTS \/ Security Headers) sau Cloudflare \/ reverse proxy.<\/strong> <code>is_ssl()<\/code> tr\u1ea3 v\u1ec1 false khi TLS k\u1ebft th\u00fac \u1edf CDN khi\u1ebfn kh\u00f4ng b\u1eadt\/kh\u00f4ng g\u1eedi \u0111\u01b0\u1ee3c HSTS v\u00e0 \u0111i\u1ec3m SSL b\u1ecb sai; nay nh\u1eadn bi\u1ebft HTTPS qua header c\u1ee7a proxy (<code>X-Forwarded-Proto<\/code>, CF-Visitor).<\/li>\n<li><strong>Fixed (D\u1ecdn d\u1eb9p t\u1ef1 \u0111\u1ed9ng theo l\u1ecbch): gi\u1eef l\u1ea1i 5 revision m\u1edbi nh\u1ea5t m\u1ed7i b\u00e0i<\/strong> thay v\u00ec x\u00f3a s\u1ea1ch to\u00e0n b\u1ed9 revision \u2014 v\u1ed1n m\u00e2u thu\u1eabn v\u1edbi t\u00f9y ch\u1ecdn \"Gi\u1edbi h\u1ea1n t\u1ed1i \u0111a 5 revision\". N\u00fat d\u1ecdn d\u1eb9p th\u1ee7 c\u00f4ng v\u1eabn x\u00f3a to\u00e0n b\u1ed9 nh\u01b0 tr\u01b0\u1edbc.<\/li>\n<li><strong>Fixed: th\u00f4ng b\u00e1o c\u1ee7a Sitevorx kh\u00f4ng c\u00f2n \"chi\u1ebfm\" th\u00f4ng b\u00e1o c\u1ee7a plugin kh\u00e1c<\/strong> \u2014 ch\u1ec9 th\u00f4ng b\u00e1o do ch\u00ednh Sitevorx ph\u00e1t ra m\u1edbi \u0111\u01b0\u1ee3c chuy\u1ec3n th\u00e0nh toast.<\/li>\n<li><strong>Fixed: Export thi\u1ebft l\u1eadp kh\u00f4ng c\u00f2n r\u00f2 r\u1ec9<\/strong> t\u1eeb kh\u00f3a \u0111\u0103ng nh\u1eadp b\u00ed m\u1eadt v\u00e0 Secret Key reCAPTCHA (l\u01b0u d\u1ea1ng plaintext) ra file JSON.<\/li>\n<li><strong>Stability: t\u1ef1 d\u1ecdn th\u01b0 m\u1ee5c export t\u1ea1m.<\/strong> Th\u00eam cron d\u1ecdn th\u01b0 m\u1ee5c <code>uploads\/sitevorx-migrate\/{job}<\/code> qu\u00e1 h\u1ea1n (&gt;6h) \u0111\u1ec3 kh\u00f4ng \u0111\u1ea7y \u0111\u0129a, \u0111\u1ed3ng th\u1eddi ch\u1eeba c\u00e1c job \u0111ang ch\u1ea1y. B\u01b0\u1edbc ho\u00e0n t\u1ea5t export nay idempotent, tr\u00e1nh t\u1ea1o file ZIP h\u1ecfng khi thao t\u00e1c b\u1ecb l\u1eb7p l\u1ea1i.<\/li>\n<li><strong>Fixed: ch\u00e8n m\u00e3 tracking Header\/Footer<\/strong> kh\u00f4ng c\u00f2n l\u1ecdc nh\u1ea7m Google AdSense (<code>&lt;ins&gt;<\/code>), Plausible\/Umami (<code>data-*<\/code>).<\/li>\n<li><strong>Hardening: SVG sanitizer<\/strong> ch\u1eb7n theo c\u1ea3 ph\u1ea7n m\u1edf r\u1ed9ng <code>.svg<\/code> (kh\u00f4ng ch\u1ec9 MIME) v\u00e0 x\u1eed l\u00fd l\u1ed7i ghi t\u1ec7p an to\u00e0n h\u01a1n.<\/li>\n<\/ul>\n\n<h4>1.2.3<\/h4>\n\n<ul>\n<li><strong>Fixed: \"\u0110\u1ed5i URL \u0111\u0103ng nh\u1eadp\" \u2014 \u0111\u0103ng nh\u1eadp xong b\u1ecb \u0111\u00e1 v\u1ec1 trang ch\u1ee7 thay v\u00ec v\u00e0o wp-admin.<\/strong> Form \u0111\u0103ng nh\u1eadp c\u1ee7a WordPress POST t\u1edbi <code>wp-login.php<\/code> tr\u1ed1ng (kh\u00f4ng k\u00e8m t\u1eeb kh\u00f3a b\u00ed m\u1eadt), n\u00ean vi\u1ec7c cho qua ph\u1ee5 thu\u1ed9c ho\u00e0n to\u00e0n v\u00e0o cookie set l\u00fac m\u1edf trang login. Khi trang login b\u1ecb page-cache (CDN \/ plugin cache) th\u00ec <code>setcookie()<\/code> kh\u00f4ng ch\u1ea1y \u2192 cookie kh\u00f4ng t\u1ed3n t\u1ea1i \u2192 POST b\u1ecb ch\u1eb7n v\u00e0 \u0111\u00e1 v\u1ec1 trang ch\u1ee7 TR\u01af\u1edaC khi x\u00e1c th\u1ef1c. Nay t\u1eeb kh\u00f3a \u0111\u01b0\u1ee3c g\u1eafn th\u1eb3ng v\u00e0o <code>action<\/code> c\u1ee7a form qua filter <code>site_url<\/code> (scheme <code>login_post<\/code>), n\u00ean POST t\u1ef1 \u0111\u01b0\u1ee3c u\u1ef7 quy\u1ec1n b\u1eb1ng <code>?key<\/code> \u2014 kh\u00f4ng c\u00f2n ph\u1ee5 thu\u1ed9c cookie\/cache.<\/li>\n<li><strong>Fixed: form\/webhook c\u1ee7a kh\u00e1ch (<code>admin-post.php<\/code>) b\u1ecb \u0111\u00e1 v\u1ec1 trang ch\u1ee7 khi b\u1eadt \"\u0110\u1ed5i URL \u0111\u0103ng nh\u1eadp\".<\/strong> Ch\u1ed1t ch\u1eb7n wp-admin d\u00f9ng <code>is_admin()<\/code> v\u00f4 t\u00ecnh ch\u1eb7n c\u1ea3 <code>admin-post.php<\/code> \u2014 endpoint x\u1eed l\u00fd form g\u1eedi \u0111i c\u1ee7a kh\u00e1ch ch\u01b0a \u0111\u0103ng nh\u1eadp (<code>admin_post_nopriv_*<\/code>: form li\u00ean h\u1ec7, callback thanh to\u00e1n\u2026). Nay <code>admin-post.php<\/code> \u0111\u01b0\u1ee3c mi\u1ec5n tr\u1eeb (nh\u1eadn di\u1ec7n qua <code>$pagenow<\/code> + <code>SCRIPT_NAME<\/code>).<\/li>\n<\/ul>\n\n<h4>1.2.2<\/h4>\n\n<ul>\n<li><strong>Fixed: \"Li\u00ean k\u1ebft b\u1ea1n theo d\u00f5i \u0111\u00e3 h\u1ebft h\u1ea1n\"<\/strong> khi click t\u1ea3i file <code>.zip<\/code> ngay sau khi export xong. Nguy\u00ean nh\u00e2n: job_id sinh ra h\u1ed7n h\u1ee3p hoa-th\u01b0\u1eddng, nh\u01b0ng <code>sanitize_key()<\/code> trong download handler t\u1ef1 lowercase \u2192 action string c\u1ee7a nonce \u1edf 2 \u0111\u1ea7u kh\u00e1c case \u2192 <code>wp_verify_nonce<\/code> fail. Job_id gi\u1edd lu\u00f4n lowercase t\u1eeb l\u00fac t\u1ea1o.<\/li>\n<li><strong>Performance: time-budget loop<\/strong> \u2014 m\u1ed7i AJAX step gi\u1edd l\u1eb7p n\u1ed9i tuy\u1ebfn t\u1edbi <code>SITEVORX_MIGRATE_STEP_BUDGET_SEC = 15s<\/code> thay v\u00ec ch\u1ec9 l\u00e0m 40 file r\u1ed3i return. Gi\u1ea3m round trip HTTP 5-10\u00d7 cho site nhi\u1ec1u file.<\/li>\n<li><strong>Performance: skip deflate cho media \u0111\u00e3 n\u00e9n<\/strong> \u2014 JPEG\/PNG\/MP4\/PDF\/ZIP\u2026 append v\u00e0o archive v\u1edbi <code>ZipArchive::CM_STORE<\/code>. Giai \u0111o\u1ea1n n\u00e9n nhanh h\u01a1n 3-5\u00d7 tr\u00ean site WordPress media-heavy.<\/li>\n<\/ul>\n\n<h4>1.2.1<\/h4>\n\n<ul>\n<li><strong>Security (Critical)<\/strong> \u2014 file backup <code>.zip<\/code> \u1edf 1.2.0 \u0111\u1eb7t th\u1eb3ng v\u00e0o <code>wp-content\/uploads\/sitevorx-migrate\/{job_id}\/...<\/code> v\u1edbi job_id ch\u1ec9 8 k\u00fd t\u1ef1, kh\u00f4ng c\u00f3 auth gate \u2192 kh\u1ea3 n\u0103ng \u0111o\u00e1n URL v\u00e0 t\u1ea3i full DB hash. 1.2.1: download chuy\u1ec3n sang endpoint <code>admin-post.php?action=sitevorx_migrate_download<\/code> c\u00f3 <code>manage_options<\/code> cap + nonce + per-job binding, stream qua PHP. Job_id t\u0103ng l\u00ean 32 k\u00fd t\u1ef1 + th\u00eam <code>.htaccess<\/code> (Apache) \/ <code>web.config<\/code> (IIS) deny \u1edf root <code>sitevorx-migrate\/<\/code> l\u00e0m defense-in-depth.<\/li>\n<li><strong>Stability<\/strong> \u2014 file inventory chuy\u1ec3n t\u1eeb transient sang JSON tr\u00ean disk (<code>{tmp_dir}\/files.json<\/code>). 1.2.0 nh\u1ed3i c\u1ea3 m\u1ea3ng path v\u00e0o transient \u2192 site 50k file (5GB media) l\u00e0m row <code>wp_options<\/code> v\u01b0\u1ee3t <code>max_allowed_packet<\/code> \u2192 <code>set_transient()<\/code> fail silent, job ch\u1ebft ngay sau init.<\/li>\n<li><strong>Performance<\/strong> \u2014 DB dump d\u00f9ng cursor pagination (<code>WHERE pk &gt; $last_pk<\/code>) khi b\u1ea3ng c\u00f3 primary key integer; fallback OFFSET. 1.2.0 d\u00f9ng OFFSET c\u1ed1 \u0111\u1ecbnh \u2192 O(n\u00b2) tr\u00ean InnoDB n\u00ean b\u1ea3ng tri\u1ec7u row m\u1ea5t h\u00e0ng ph\u00fat m\u1ed7i chunk th\u1ee9 1000+.<\/li>\n<li><strong>Correctness<\/strong> \u2014 multisite: drop logic match <code>base_prefix<\/code> (1.2.0 d\u00f9ng OR base_prefix \u2192 sub-site export nu\u1ed1t nh\u1ea7m b\u1ea3ng c\u1ee7a c\u00e1c sub-site kh\u00e1c). Gi\u1edd ch\u1ec9 match <code>$wpdb-&gt;prefix<\/code> \u0111\u00fang sub-site hi\u1ec7n t\u1ea1i.<\/li>\n<li>Lo\u1ea1i tr\u1eeb th\u00eam: <code>node_modules<\/code>, <code>.git<\/code>, <code>.svn<\/code>, <code>.hg<\/code>, <code>.idea<\/code>, <code>.vscode<\/code> \u1edf m\u1ecdi v\u1ecb tr\u00ed trong c\u00e2y th\u01b0 m\u1ee5c.<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>New: trang <strong>Sao ch\u00e9p Website<\/strong> (<code>includes\/sitevorx-migrate.php<\/code>) \u2014 exporter chunked AJAX \u0111\u00f3ng g\u00f3i database + <code>wp-content\/{uploads,themes,plugins,mu-plugins}<\/code> th\u00e0nh 1 file <code>.zip<\/code> duy nh\u1ea5t, k\u00e8m <code>manifest.json<\/code> ch\u1ee9a marker <code>sitevorx-migrate-v1<\/code>, \u0111\u1ec3 chuy\u1ec3n sang hosting kh\u00e1c ho\u1eb7c l\u01b0u sao l\u01b0u offline.<\/li>\n<li>Exporter ch\u1ea1y theo l\u00f4 qua 3 endpoint AJAX (init \/ step \/ finalize) \u2014 m\u1ed7i step x\u1eed l\u00fd 40 file ho\u1eb7c 1 b\u1ea3ng DB r\u1ed3i tr\u1ea3 ti\u1ebfn \u0111\u1ed9, n\u00ean kh\u00f4ng b\u1ecb timeout tr\u00ean hosting c\u00f3 max_execution_time th\u1ea5p. C\u00f3 thanh progress, link t\u1ea3i v\u1ec1 v\u00e0 n\u00fat d\u1ecdn d\u1eb9p file t\u1ea1m.<\/li>\n<li>DB dump streaming-friendly: chunk 500 row\/l\u1ea7n qua <code>SELECT \u2026 LIMIT\/OFFSET<\/code>, ghi th\u1eb3ng INSERT v\u00e0o <code>database.sql<\/code> kh\u00f4ng n\u1ea1p full table v\u00e0o memory.<\/li>\n<li>T\u1ef1 lo\u1ea1i tr\u1eeb th\u01b0 m\u1ee5c cache n\u1eb7ng (cache, wflogs, litespeed, et-cache, w3tc-config) v\u00e0 file r\u00e1c (.DS_Store, Thumbs.db, error_log, debug.log) \u0111\u1ec3 b\u1ea3n sao g\u1ecdn nh\u1ea5t c\u00f3 th\u1ec3.<\/li>\n<li>Ph\u1ea7n <strong>Import<\/strong> (gi\u1ea3i n\u00e9n + restore DB + serialized search-replace URL) s\u1ebd ra \u1edf b\u1ea3n 1.2.1.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>New module: <strong>Trung T\u00e2m B\u1ea3o M\u1eadt<\/strong> (Security Center) \u2014 gom c\u00e1c t\u00ednh n\u0103ng b\u1ea3o m\u1eadt v\u00e0 b\u1ed5 sung Security Score, Headers, Honeypot, User Enumeration Protection, Login Notification, Core Integrity Checker.<\/li>\n<li>New: HTTP Security Headers (<code>X-Content-Type-Options<\/code>, <code>X-Frame-Options<\/code>, <code>Referrer-Policy<\/code>, <code>Permissions-Policy<\/code>) \u2014 ch\u1ec9 \u00e1p d\u1ee5ng tr\u00ean frontend.<\/li>\n<li>New: Login Honeypot \u2014 ch\u00e8n hidden field b\u1eaby bot v\u00e0o form \u0111\u0103ng nh\u1eadp, kh\u00f4ng \u1ea3nh h\u01b0\u1edfng ng\u01b0\u1eddi d\u00f9ng th\u1eadt.<\/li>\n<li>New: User Enumeration Protection \u2014 ch\u1eb7n <code>?author=N<\/code> v\u00e0 REST API <code>\/wp\/v2\/users<\/code> cho kh\u00e1ch.<\/li>\n<li>New: Login Notification \u2014 g\u1eedi email cho admin khi t\u00e0i kho\u1ea3n <code>manage_options<\/code> \u0111\u0103ng nh\u1eadp th\u00e0nh c\u00f4ng (cooldown 1h\/IP).<\/li>\n<li>New: WordPress Core Integrity Checker \u2014 \u0111\u1ed1i chi\u1ebfu MD5 c\u00e1c file core v\u1edbi <code>api.wordpress.org\/core\/checksums\/1.0\/<\/code> \u0111\u1ec3 ph\u00e1t hi\u1ec7n file b\u1ecb s\u1eeda \u0111\u1ed5i ho\u1eb7c thi\u1ebfu (ch\u1ea1y theo y\u00eau c\u1ea7u, \u0111\u00e3 khai b\u00e1o trong External Services).<\/li>\n<li>UI: trang \"T\u1ed1i \u01b0u &amp; B\u1ea3o m\u1eadt\" \u0111\u1ed5i t\u00ean th\u00e0nh \"T\u1ed1i \u01b0u T\u1ed1c \u0110\u1ed9\"; menu sidebar v\u00e0 dashboard c\u00f3 card m\u1edbi cho Security Center.<\/li>\n<li>Compliance: ghi nh\u1eadn h\u00e0nh \u0111\u1ed9ng b\u1ea3o m\u1eadt th\u00f4ng qua audit log th\u1ed1ng nh\u1ea5t (<code>sitevorx_audit_log<\/code>), kh\u00f4ng l\u01b0u song song nhi\u1ec1u ring buffer.<\/li>\n<\/ul>\n\n<h4>1.0.11<\/h4>\n\n<ul>\n<li>Dashboard: each health issue now has a \"\u2192\" action link that jumps directly to the page where the admin can fix it (B\u1ea3o m\u1eadt, SMTP, B\u1ea3o tr\u00ec, Ti\u1ec7n \u00edch).<\/li>\n<li>Dashboard: new detection \u2014 <code>DISALLOW_WP_CRON<\/code> set in wp-config.php. Warns the admin that internal WP-Cron is off and an external cron must be calling wp-cron.php, otherwise scheduled cleanup will not run.<\/li>\n<li>Dashboard: new detection \u2014 recent SMTP failures. If SMTP logging is on, the dashboard counts non-success entries in the last 24h and links straight to the log tab.<\/li>\n<li>Dashboard: new detection \u2014 active login lockouts. Shows how many IPs are currently locked, with a one-click jump to the B\u1ea3o M\u1eadt tab where they can be unlocked.<\/li>\n<li>Audit log: diff summary now ignores default-off toggles on first save \u2014 only flags fields whose normalized on\/off state actually flipped, so the \"Ng\u1eef c\u1ea3nh\" column lists just what the admin changed.<\/li>\n<li>Hardening: lockout diagnostics SQL query now wraps the LIKE patterns with <code>$wpdb-&gt;prepare()<\/code> + <code>$wpdb-&gt;esc_like()<\/code> to satisfy Plugin Check, even though both patterns are hardcoded.<\/li>\n<\/ul>\n\n<h4>1.0.10<\/h4>\n\n<ul>\n<li>Audit log: the \"Ng\u1eef c\u1ea3nh\" column now describes what changed instead of dumping the full toggle state. Saving the security tab now records entries like \"B\u1eadt Kh\u00f3a XML-RPC, T\u1eaft reCAPTCHA \u0111\u0103ng nh\u1eadp, \u0110\u1ed5i s\u1ed1 l\u1ea7n sai t\u1ed1i \u0111a\" instead of <code>login_key=off | disable_editor=on | ...<\/code>.<\/li>\n<li>Audit log: split \"L\u01b0u c\u1ea5u h\u00ecnh T\u1ed1i \u01b0u &amp; B\u1ea3o m\u1eadt\" into two distinct events \u2014 \"L\u01b0u c\u1ea5u h\u00ecnh T\u0103ng t\u1ed1c Website\" (T\u0103ng T\u1ed1c tab) and \"L\u01b0u c\u1ea5u h\u00ecnh B\u1ea3o m\u1eadt &amp; T\u01b0\u1eddng l\u1eeda\" (B\u1ea3o M\u1eadt tab) \u2014 so the timeline is easier to read.<\/li>\n<li>Audit log: manual cleanup entries now say which cleanup categories were picked (e.g. \"D\u1ecdn: b\u1ea3n nh\u00e1p, b\u00ecnh lu\u1eadn r\u00e1c \u2014 t\u1ed5ng 2 nh\u00f3m\") instead of <code>revisions=1 | spam=0 | transients=1 | items=2<\/code>.<\/li>\n<li>Audit log: new public helper <code>sitevorx_audit_summarize_diff()<\/code> for any module that wants to produce a similar before\/after change list.<\/li>\n<\/ul>\n\n<h4>1.0.9<\/h4>\n\n<ul>\n<li>Login lockout: maximum failed attempts and lockout duration are now admin-configurable (3\u201350 attempts, 5 minutes to 7 days). Defaults preserve previous behavior (5 attempts, 24 hours).<\/li>\n<li>Login lockout: new IP allowlist (one IPv4\/IPv6 per line) \u2014 listed IPs are never counted and never locked, so an administrator on a known IP cannot lock themselves out.<\/li>\n<li>Login lockout: \"IP \u0111ang b\u1ecb kh\u00f3a\" diagnostics panel under T\u1ed1i \u01b0u &amp; B\u1ea3o m\u1eadt \u2192 B\u1ea3o M\u1eadt &amp; T\u01b0\u1eddng L\u1eeda shows currently locked entries (hash + attempt count + expiry timestamp) with a per-row Unlock button. Unlock action is gated by manage_options + nonce and writes a <code>login_unlock<\/code> event to the audit log.<\/li>\n<li>Audit log: lockouts now write a <code>login_lockout<\/code> event the moment the threshold is hit, with IP, attempt count, last submitted username, and configured lockout window.<\/li>\n<li>Hardening: aligned the audit log's IP capture with <code>sitevorx_get_client_ip()<\/code> so Cloudflare's CF-Connecting-IP is only trusted when the matching CF-Ray header is present (not spoofable from arbitrary clients).<\/li>\n<li>i18n: restored Vietnamese diacritics in the reCAPTCHA failure messages and the two reCAPTCHA tab comments that had been mojibake-encoded.<\/li>\n<\/ul>\n\n<h4>1.0.8<\/h4>\n\n<ul>\n<li>Compliance: SMTP log listing now uses <code>$wpdb-&gt;prepare()<\/code> for the LIMIT clause to satisfy automated SQL-injection scanners.<\/li>\n<li>Compliance: removed PHP <code>@<\/code> error suppression on the malware scanner's file read; the scanner now checks <code>is_readable()<\/code> first and still gracefully skips unreadable files.<\/li>\n<li>Compliance: clarified External Services disclosure in readme.txt to cover both reCAPTCHA v2 and v3, and to name the <code>api\/siteverify<\/code> verification endpoint explicitly.<\/li>\n<li>New: Audit Log submenu (Sitevorx \u2192 Nh\u1eadt k\u00fd Ki\u1ec3m to\u00e1n) recording sensitive admin actions (settings save\/reset\/import, SMTP test, malware scan, scheduled cleanup change, manual cleanup run, disk file delete, log clear). Ring buffer of the 200 most recent entries, stored in the <code>sitevorx_audit_log<\/code> option (no new database table).<\/li>\n<li>Hardening: factory reset now preserves the audit trail by skipping the audit-log option, so administrators can review what was reset after the fact. Uninstall still drops the option on full removal.<\/li>\n<li>Dashboard: health overview now reflects runtime state, not just saved options. New warnings: scheduled cleanup enabled but no next run on cron (silent failure), SMTP mailer selected but missing credentials, reCAPTCHA toggle on but Site\/Secret key empty, Maintenance Mode active (visitors blocked), WP_DEBUG still on in production.<\/li>\n<li>Dashboard: SMTP and Cron status cards now show a red \"Thi\u1ebfu credential\" \/ \"L\u1ed7i l\u1ecbch\" badge when the saved option does not match runtime readiness, and the health score stops counting a broken cron or credentials-less mailer as a passing check.<\/li>\n<\/ul>\n\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>Fixed the Google reCAPTCHA key link so it opens the key creation screen instead of the last-used site analytics page.<\/li>\n<li>Updated the reCAPTCHA settings heading to match the available v2\/v3 selector.<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Removed the Security Center module from the admin UI and runtime loader to avoid overlap with the existing Optimizer &amp; Security hardening controls.<\/li>\n<li>Disabled the unfinished WAF, 2FA, Security Headers, and Activity Log hooks by no longer loading the Security Center module.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Improved: Heartbeat optimization now throttles the API to 60 seconds instead of fully disabling it, preserving autosave and post-locking.<\/li>\n<li>Improved: SVG sanitizer now rejects DOCTYPE, ENTITY, SYSTEM, and PUBLIC declarations to defend against XXE attacks; admin-only upload still required.<\/li>\n<li>Improved: SMTP \"Force From Email\" now warns when the sender domain differs from the site domain (SPF\/DKIM mismatch hint).<\/li>\n<li>Improved: Scheduled cleanup skips <code>OPTIMIZE TABLE<\/code> on tables larger than 500MB to avoid long table locks on shared hosting.<\/li>\n<li>New: reCAPTCHA v3 (invisible, score-based) is now selectable alongside v2; configurable score threshold filter <code>sitevorx_recaptcha_v3_score_threshold<\/code> (default 0.5).<\/li>\n<li>Compliance: Added empty <code>index.php<\/code> files in <code>\/assets<\/code>, <code>\/includes<\/code>, <code>\/languages<\/code> for directory listing protection.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Fixed the in-plugin language switch so Vietnamese mode stays Vietnamese even when the WordPress site\/user locale is English.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Added dashboard, support, and rating links to the WordPress Plugins screen.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Second pass on WordPress Plugin Directory automated review feedback:\n\n<ul>\n<li>Header\/footer script output now goes through <code>wp_kses()<\/code> with a strict allow-list (<code>sitevorx_kses_tracking_tags()<\/code>) that permits only tracking \/ verification markup (script, noscript, meta, link, iframe, img, a, div, span, p). Every attribute value is still run through <code>wp_kses_bad_protocol()<\/code> which strips <code>javascript:<\/code>, <code>data:<\/code> and <code>vbscript:<\/code> URLs.<\/li>\n<li>The \"Clear error log\" feature now targets the canonical <code>WP_CONTENT_DIR\/debug.log<\/code> location and uses the WordPress <code>WP_Filesystem<\/code> API. The plugin no longer writes anywhere outside <code>wp-content\/<\/code>.<\/li>\n<li>Escaped the secret login URL preview with <code>esc_url( home_url( '\/?' . $key ) )<\/code>.<\/li>\n<li>Removed the runtime <code>.po<\/code> -&gt; <code>.mo<\/code> translation compiler. The plugin previously regenerated <code>languages\/sitevorx-en_US.mo<\/code> on demand; that wrote to the plugin folder, which is not allowed. The compiled <code>.mo<\/code> is now shipped pre-built with the plugin and WordPress loads it normally.<\/li>\n<li>Removed the runtime machine-translation fallback. The plugin no longer contacts any translation service. The bundled <code>.mo<\/code> file is now the only source of English strings.<\/li>\n<li>Wrapped every remaining dynamic CSS class \/ inline style ternary (e.g. <code>echo $active ? 'on' : 'off'<\/code>) with <code>esc_attr()<\/code> across the sidebar, dashboard overview, SMTP\/Optimizer\/Utilities\/Disk Cleaner tab navigation, and server stat cards, so automated scanners can see the escape explicitly.<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Security hardening per WordPress Plugin Review feedback:\n\n<ul>\n<li>Added <code>sanitize_text_field()<\/code> wrapper around every nonce value passed to <code>wp_verify_nonce()<\/code>.<\/li>\n<li>Sanitized <code>$_POST<\/code> raw script fields (header\/footer injection) with a dedicated helper (<code>sitevorx_sanitize_raw_script<\/code>) before <code>update_option()<\/code>; save path remains gated by the <code>unfiltered_html<\/code> capability.<\/li>\n<li>Replaced <code>esc_url_raw()<\/code> with <code>esc_url()<\/code> for inline CSS output in the custom login logo.<\/li>\n<li>Escaped every translated\/output string that previously used <code>__()<\/code> inside <code>echo<\/code>\/<code>printf<\/code>\/<code>sprintf<\/code>: now wrapped with <code>esc_html__()<\/code>, <code>esc_html( sprintf(...) )<\/code>, or the <code>sitevorx_kses_basic()<\/code> helper (allowlisted <code>&lt;strong&gt;<\/code>, <code>&lt;a&gt;<\/code>, <code>&lt;br&gt;<\/code>, <code>&lt;code&gt;<\/code>, ...).<\/li>\n<li>Hardened the JSON import flow with explicit <code>wp_unslash()<\/code> + <code>wp_check_invalid_utf8()<\/code> before <code>json_decode()<\/code>; per-field sanitization was already enforced on every decoded value.<\/li>\n<li>Escaped integer counters and dynamic CSS class\/style values with <code>(int)<\/code>, <code>esc_attr()<\/code>, and <code>esc_html()<\/code> across all admin screens.<\/li>\n<li>Sanitized the <code>heavy_files[]<\/code> array from the disk cleaner with <code>array_map( 'sanitize_text_field', wp_unslash(...) )<\/code>.<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release.<\/li>\n<li>Full security audit: nonce verification, capability checks, input sanitization on all forms.<\/li>\n<li>Malware scanner for files and database.<\/li>\n<li>System optimizer with scheduled WP-Cron cleanup.<\/li>\n<li>Maintenance &amp; Update monitor module.<\/li>\n<li>Modern Flex\/Grid responsive dashboard UI.<\/li>\n<li>Complete Vietnamese localization.<\/li>\n<li>Dashboard: complete UI redesign \u2014 hero banner, storage visualization bars, health progress, feature module cards with status badges, 6-card server info grid.<\/li>\n<li>Dashboard: \"Xem dung l\u01b0\u1ee3ng chi ti\u1ebft\" links directly to Detailed Storage tab.<\/li>\n<li>Disk Space Manager: two-tab interface \u2014 \"File C\u1ee1 L\u1edbn (&gt;50 MB)\" (scan &amp; delete) and \"Dung L\u01b0\u1ee3ng Chi Ti\u1ebft\" (WP Content breakdown by plugins\/themes\/uploads\/other + top-10 DB tables + Refresh).<\/li>\n<li>Security: added validation \u2014 cannot enable \"\u0110\u1ed5i \u0110\u01b0\u1eddng D\u1eabn \u0110\u0103ng Nh\u1eadp\" or \"Kh\u00f3a T\u1ef1 \u0110\u1ed9ng \u0110\u0103ng Nh\u1eadp\" without filling required fields; shows error instead of silently reverting.<\/li>\n<li>i18n: bundled language files included for English and Vietnamese.<\/li>\n<li>i18n: added new translation strings for all new UI elements.<\/li>\n<\/ul>","raw_excerpt":"An all-in-one WordPress toolkit for site optimization, security hardening, SMTP configuration, disk cleanup, and maintenance monitoring.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/298697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=298697"}],"author":[{"embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/inetcorp"}],"wp:attachment":[{"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=298697"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=298697"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=298697"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=298697"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=298697"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=298697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}