PP Plugin Pilot

Features

Everything you need to run WordPress fleets responsibly.

Plugin Pilot is the control plane. The WordPress plugin is just the gateway: every decision, every secret, every charge lives in one place.

Scans

AI-graded plugin analysis

Beyond a CVE feed: severity, blast-radius, fix priority, and a human-readable summary for every flagged plugin. Run on demand, on a schedule, or trigger from the portal.

  • Per-plugin risk score with context
  • Zip preflight before any deploy
  • Audit-logged scan runs you can re-open later
Scanning fleet 128 sites, 2,341 plugins
Updates

Push updates without breaking sites

Updates flow through your control plane, not WordPress vendor channels. Licence checks, zip integrity, and rollback breadcrumbs are baked in.

  • Licence-aware update gating
  • One-click push to one site or many
  • Per-site update history and failure surfacing
Update queue 3 pending, 2 succeeded, 0 failed
Billing

Subscriptions and entitlements built in

Plans live in the admin and flow straight to the customer portal and the WordPress plugin upsell modals. No double-bookkeeping with a separate billing tool.

  • Operator-edited plans (no code changes per tier)
  • Site limits enforced by the policy engine
  • Webhook-ready for downstream provisioning
Pro plan Renewed automatically
Portal

A customer portal you do not have to build

Customers log in to manage their sites, scans, and subscriptions. Connect Codes link sites in seconds and rotate when needed.

  • Multi-site dashboard per customer
  • Self-service connect code rotation
  • Upgrade prompts that point at your plans
Fleet, 12 sites All current, 0 attention
Security

Secrets stay where they belong

Provider keys, billing webhooks, and AI credentials live in the control plane, not in the WordPress plugin. Every mutation is CSRF-protected and audit-logged.

  • Owner password hashing, regenerated sessions
  • CSRF on every mutating form
  • Redacted audit trail on every change
Audit log 142 events, last 24h