{"id":316463,"date":"2026-07-11T14:20:17","date_gmt":"2026-07-11T14:20:17","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/champlin-pre-flight-audit\/"},"modified":"2026-07-11T14:19:53","modified_gmt":"2026-07-11T14:19:53","slug":"champlin-pre-flight-audit","status":"publish","type":"plugin","link":"https:\/\/tuk.wordpress.org\/plugins\/champlin-pre-flight-audit\/","author":13613164,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.7","stable_tag":"1.0.7","tested":"7.0.1","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Champlin Pre-Flight Audit","header_author":"Champlin Enterprises","header_description":"Premium pre-flight (and post-flight) audit for the WordPress 7.0 upgrade. Server, plugins, custom code, headless surfaces, multisite, security \u2014 30+ automated checks with a visual readiness score. Free. Built by Champlin Enterprises.","assets_banners_color":"172961","last_updated":"2026-07-11 14:19:53","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/champlinenterprises.com\/wordpress-7-0-readiness-checklist.html","header_author_uri":"https:\/\/champlinenterprises.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":53,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.7":{"tag":"1.0.7","author":"cnckevin","date":"2026-07-11 14:19:53"}},"upgrade_notice":{"1.0.0":"<p>Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3604000,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3604000,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3604000,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3604000,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.7"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3604000,"resolution":"1","location":"assets","locale":"","width":1280,"height":524},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3604000,"resolution":"2","location":"assets","locale":"","width":1280,"height":194}},"screenshots":{"1":"The readiness dashboard with visual score, summary pills, and category breakdown.","2":"Per-finding view with status icon, technical detail, and remediation hint."}},"plugin_section":[],"plugin_tags":[8533,3005,19986,271073,5939],"plugin_category":[],"plugin_contributors":[132705],"plugin_business_model":[],"class_list":["post-316463","plugin","type-plugin","status-publish","hentry","plugin_tags-audit","plugin_tags-compatibility","plugin_tags-enterprise","plugin_tags-readiness","plugin_tags-upgrade","plugin_contributors-cnckevin","plugin_committers-cnckevin"],"banners":{"banner":"https:\/\/ps.w.org\/champlin-pre-flight-audit\/assets\/banner-772x250.png?rev=3604000","banner_2x":"https:\/\/ps.w.org\/champlin-pre-flight-audit\/assets\/banner-1544x500.png?rev=3604000","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/champlin-pre-flight-audit\/assets\/icon-128x128.png?rev=3604000","icon_2x":"https:\/\/ps.w.org\/champlin-pre-flight-audit\/assets\/icon-256x256.png?rev=3604000","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/champlin-pre-flight-audit\/assets\/screenshot-1.png?rev=3604000","caption":"The readiness dashboard with visual score, summary pills, and category breakdown."},{"src":"https:\/\/ps.w.org\/champlin-pre-flight-audit\/assets\/screenshot-2.png?rev=3604000","caption":"Per-finding view with status icon, technical detail, and remediation hint."}],"raw_content":"<!--section=description-->\n<p>The WordPress 7.0 upgrade is the biggest core release in years \u2014 bringing the WP AI Client, DataViews, Block API v3, and a higher PHP floor. <strong>This plugin runs a 30+ point automated audit<\/strong> of your site against the WordPress 7.0 readiness criteria, with a visual score and remediation hints for every finding.<\/p>\n\n<p>The same checks the engineering team at <a href=\"https:\/\/champlinenterprises.com\">Champlin Enterprises<\/a> runs across enterprise WordPress migrations, packaged free for the community.<\/p>\n\n<h4>About this distribution<\/h4>\n\n<p>This is the WordPress.org distribution of the plugin. A self-hosted variant is available at https:\/\/github.com\/Kevinchamplin\/champlin-pre-flight-audit for users who prefer to install directly from GitHub. The audit logic, autofixes, and snapshot system are identical; only the update mechanism differs.<\/p>\n\n<h4>What it checks<\/h4>\n\n<ul>\n<li><strong>Server &amp; runtime<\/strong> \u2014 PHP version, OPcache, memory limit, max_execution_time, required extensions<\/li>\n<li><strong>Database<\/strong> \u2014 MySQL\/MariaDB version, InnoDB availability<\/li>\n<li><strong>WordPress core<\/strong> \u2014 version, debug mode, auto-update status, HTTPS<\/li>\n<li><strong>Plugins<\/strong> \u2014 pending updates, per-plugin compatibility headers, known-risky page-builder slugs<\/li>\n<li><strong>Themes<\/strong> \u2014 active theme version, compatibility header, block vs classic, deprecated theme support<\/li>\n<li><strong>Custom code<\/strong> \u2014 static scan of your theme + custom plugins for WordPress 7.0 breaking patterns (WP_List_Table, manage_posts_columns, Block API v2, Interactivity effect(), deprecated HTML5 script support, and more)<\/li>\n<li><strong>Headless &amp; API<\/strong> \u2014 WPGraphQL detection, custom REST routes<\/li>\n<li><strong>Multisite<\/strong> \u2014 site count, super admins, 7.0 spam-flag behavior change<\/li>\n<li><strong>Security<\/strong> \u2014 admin user count, 2FA plugin, backup plugin, file-edit lockdown, AI Connectors policy reminder<\/li>\n<\/ul>\n\n<h4>What it does NOT do<\/h4>\n\n<ul>\n<li>It does not modify your site. Read-only.<\/li>\n<li>It does not phone home or transmit any data externally.<\/li>\n<li>It does not require a license key or account signup.<\/li>\n<\/ul>\n\n<h4>Why it's free<\/h4>\n\n<p>This plugin is the automated companion to the 80-point printable enterprise readiness checklist published by Champlin Enterprises at <a href=\"https:\/\/champlinenterprises.com\/wordpress-7-0-readiness-checklist.html\">champlinenterprises.com\/wordpress-7-0-readiness-checklist.html<\/a>. Together they cover the engineering work of a WordPress 7.0 migration. If you'd rather have an engineer run it as an engagement, the contact link is in the dashboard footer.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>\/wp-content\/plugins\/<\/code>, OR install via the Plugins admin page.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Navigate to <strong>Tools \u2192 WP 7 Readiness<\/strong> to run the audit.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20work%20before%20and%20after%20wordpress%207.0%20is%20installed%3F\"><h3>Does this work before AND after WordPress 7.0 is installed?<\/h3><\/dt>\n<dd><p>Yes. On pre-7.0 sites it operates as a pre-flight audit. On post-7.0 sites it operates as a post-flight verification \u2014 checking that the upgrade landed cleanly.<\/p><\/dd>\n<dt id=\"will%20it%20modify%20my%20site%3F\"><h3>Will it modify my site?<\/h3><\/dt>\n<dd><p>No. The plugin is strictly read-only. It scans your configuration and files; it does not write any changes.<\/p><\/dd>\n<dt id=\"how%20long%20does%20the%20audit%20take%3F\"><h3>How long does the audit take?<\/h3><\/dt>\n<dd><p>Typically under 5 seconds on most sites. The custom-code static scan is capped at 1500 files to ensure even very large sites complete quickly.<\/p><\/dd>\n<dt id=\"does%20it%20cover%20everything%20in%20the%2080-point%20manual%20checklist%3F\"><h3>Does it cover everything in the 80-point manual checklist?<\/h3><\/dt>\n<dd><p>It covers the 30+ items that can be automated. The remaining 50 are human-judgment items \u2014 has the rollback been tested? has the AI Connectors policy been signed off? has the on-call rota been confirmed? \u2014 that no plugin can verify. The dashboard links to the printable checklist for the full audit.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.7<\/h4>\n\n<ul>\n<li><strong>Plugin review compliance.<\/strong> Managed-host detection no longer assumes a hardcoded server filesystem layout \u2014 Plesk is now detected from the <code>DOCUMENT_ROOT<\/code>\/<code>SERVER_SOFTWARE<\/code> environment signals and the control-panel install directory instead of matching <code>ABSPATH<\/code> against a fixed vhost path. No functional change: the same hosts are detected, and detection stays <code>open_basedir<\/code>-safe. Contributors list corrected to the plugin's WordPress.org account. The legacy-migration success notice now signals via a transient set by the nonce-verified migrate action instead of a URL parameter, resolving the Plugin Check nonce-verification warnings (and making the notice reliably display).<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li><strong>WordPress.org submission readiness.<\/strong> All Plugin Check ERRORs and most WARNINGs resolved: short PHP tags converted, direct filesystem operations refactored to use WP_Filesystem, $_POST\/$_SERVER inputs unslashed before sanitization, readme tags trimmed to 5, build script now excludes hidden files. No functional changes \u2014 same audit, same autofixes, same snapshot safety net. Ready for the WP.org plugin directory review.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Distribution improvements. The self-hosted GitHub variant gained automated release delivery; the WordPress.org distribution uses WordPress.org's native plugin-update channel.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li><strong>Fix:<\/strong> Plesk detection now works under <code>open_basedir<\/code> restrictions. v1.0.2's <code>is_dir(\/usr\/local\/psa)<\/code> check silently failed when the vhost's <code>open_basedir<\/code> excluded <code>\/usr\/local\/psa\/<\/code>. New detection uses ABSPATH (<code>\/var\/www\/vhosts\/...<\/code>), DOCUMENT_ROOT, and SERVER_SOFTWARE signals \u2014 all open_basedir-safe.<\/li>\n<li><strong>Grading curve relief during major-release week.<\/strong> Within 14 days of a WordPress major release, plugins and themes still tested against the immediately-prior major (6.9 when current is 7.0) are downgraded from WARN to INFO and excluded from the score. Vendors typically catch up within this window; penalizing every site on day one was unfair. Auto-expires 14 days after the release date.<\/li>\n<li><strong>Accept-as-known-risk override mechanism.<\/strong> Each warn\/fail finding now has an \"Accept as known risk\" link. Click to acknowledge \u2014 the finding still appears in the report (with an \"Accepted risk\" tag) but is excluded from the readiness score calculation. Real enterprise audit pattern, fully reversible via \"Un-accept\" button.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li><strong>Fix:<\/strong> Re-run audit spinner appearing on page load and never stopping. The v1.0.1 spinner icon used the HTML <code>hidden<\/code> attribute to start hidden, but the plugin's <code>.wp7rc-btn__icon<\/code> class set <code>display: inline-block<\/code> which silently overrode <code>[hidden]<\/code>. The spin animation then ran constantly. Added an explicit <code>[hidden]<\/code> CSS override so the spinner stays hidden until the button is clicked.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li><strong>Fix: Custom-code scan no longer false-positives on common vendor plugins.<\/strong> The previous scope included Advanced Custom Fields, WPGraphQL, Two-Factor, page builders, and other widely-installed plugins that ship their own WordPress 7.0 compatibility updates. Flagging their internal code as if it were user-owned created noise. The vendor-skip list now covers 30+ common plugin slugs across page builders, SEO, ACF, GraphQL\/headless, security, cache, forms, translation, and backup.<\/li>\n<li><strong>Fix: Backup-plugin check now detects managed-host snapshot systems.<\/strong> Previously warned even on Plesk \/ WP Engine \/ Kinsta \/ Pantheon \/ Pressable \/ SiteGround \/ Flywheel \/ GoDaddy Managed WordPress \/ cPanel \/ DreamHost installs where host-level backups are the standard. The check now detects 10 managed-host platforms and reports PASS with \"host-level snapshots assumed\" instead.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li><strong>Fix:<\/strong> OPcache detection no longer false-positives on hardened hosts. The previous check used <code>function_exists('opcache_get_status')<\/code>, which returns false on Plesk \/ CloudLinux \/ managed-WP servers that disable <code>opcache_get_status<\/code> via <code>disable_functions<\/code> for security. The new check uses <code>extension_loaded('Zend OPcache')<\/code> as the primary signal, falling back to detailed memory stats only if the introspection function is available. OPcache now correctly reports PASS on Plesk and CloudLinux hosts.<\/li>\n<li><strong>UX:<\/strong> Re-run audit button now uses a proper event listener (was inline <code>onclick<\/code> which felt unresponsive when the audit state was unchanged), with a spinning \u21bb icon during reload.<\/li>\n<li><strong>UX:<\/strong> \"Apply N available fixes\" button replaced with a positive \"All available fixes applied\" green pill when there are no fixes left, instead of just disappearing.<\/li>\n<li><strong>UX:<\/strong> \"Apply all\" dialog now shows a clear bullet list of what will change.<\/li>\n<li><strong>UX:<\/strong> Fix-results report panel appears below the action buttons after Apply-all, listing every fix's outcome with its full error message inline. No more aggregate \"N applied \u00b7 M failed\" without context.<\/li>\n<li><strong>Discoverability:<\/strong> All outbound links to champlinenterprises.com now carry UTM parameters for attribution. \"No telemetry\" promise unchanged \u2014 UTMs are appended to URLs only, no data sent from your server.<\/li>\n<li><strong>Discoverability:<\/strong> Tasteful \"Star on GitHub\" band added to the dashboard footer. Self-reported install signal; fully opt-in.<\/li>\n<li><strong>Docs:<\/strong> Added README.md, SECURITY.md, CONTRIBUTING.md to the GitHub repo for community standards.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>30+ automated checks across 9 categories (server, database, WP core, plugins, themes, custom code, headless, multisite, security).<\/li>\n<li>Premium visual dashboard with animated readiness-score donut and color-coded findings.<\/li>\n<li>Print-friendly stylesheet \u2014 browser print dialog produces a clean PDF report.<\/li>\n<li><strong>Autofix support for 4 common issues<\/strong> \u2014 each fix is one click, idempotent, and reversible:\n\n<ul>\n<li>Disable major auto-updates during the WordPress 7.0 launch window<\/li>\n<li>Lock down in-admin file editing (drops a mu-plugin defining DISALLOW_FILE_EDIT)<\/li>\n<li>Update all plugins to their latest stable releases (uses WordPress core's own Plugin_Upgrader)<\/li>\n<li>Install and activate the official Two-Factor plugin from WordPress.org<\/li>\n<\/ul><\/li>\n<\/ul>","raw_excerpt":"Premium pre-flight (and post-flight) audit for the WordPress 7.0 upgrade. 30+ automated checks. Visual readiness score. Free.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/316463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=316463"}],"author":[{"embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/cnckevin"}],"wp:attachment":[{"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=316463"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=316463"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=316463"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=316463"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=316463"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=316463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}