SECURITY & CONTROL

Move WordPress changes with reviewable safeguards.

WPChangeSync is built for teams that need production change control: authenticated remotes, scoped sync, dry-runs, conflict strategies, backups, audit logs, rate limiting, and safer import handling.
AUTH / DRY RUN / AUDIT / BACKUP
01

The security model

WPChangeSync does not ask you to trust a black box. It gives administrators explicit controls around who can connect, what can move, and how risky changes are reviewed.
Core capability

Controlled sync starts before the import button.

The plugin uses WordPress capability checks, authenticated REST requests, application-password style remote credentials, sanitized API responses, shared REST rate limiting, and safe deserialization paths for imported data. Combined with dry-runs and selected scope, those controls make site-to-site sync more predictable.

Authentication

Admin-capable remote access

Remotes should use HTTPS and dedicated application passwords or equivalent credentials, with access limited to trusted administrators.

API hardening

Rate limits and sanitized errors

REST endpoints are hardened for WPChangeSync-to-WPChangeSync transfers while keeping remote error output safe for callers.

Import safety

Safe unserialize and validation

Imported option, CPT, taxonomy, backup, and custom-font data paths use safer deserialization and defensive sanitization to reduce avoidable risk.
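
As an added example (not WPChangeSync's own code), here is a pre-import review check a team could run in CI over an export file. It flags string values that embed PHP-serialized objects, the case that safe deserialization exists to refuse. The export layout, `SAMPLE_EXPORT`, and the function names are assumptions; the page states only that exports are readable JSON.

```python
import json
import re
import sys

# PHP serialize() writes objects as O:<len>:"<Class>":<count>:{ and objects
# with custom serialization as C:<len>:"<Class>":<len>:{ . The token sits at
# the start of the payload or right after ';' or '{' when nested.
# Conservative by design: ordinary text that merely looks like this is flagged.
_OBJECT_TOKEN = re.compile(r'(?:^|[;{])[OC]:\d+:"([^"]+)":\d+:\{')


def find_serialized_objects(node, path="$"):
    """Walk decoded JSON; yield (json_path, class_name) for each string value
    that embeds a PHP-serialized object."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_serialized_objects(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_serialized_objects(value, f"{path}[{index}]")
    elif isinstance(node, str):
        for match in _OBJECT_TOKEN.finditer(node):
            yield path, match.group(1)


def review_export(text):
    """Return a sorted, de-duplicated list of findings for one export file."""
    return sorted(set(find_serialized_objects(json.loads(text))))


# Constructed sample export (hypothetical layout, not a real plugin file).
SAMPLE_EXPORT = json.dumps({
    "options": {
        "blogname": "Staging",
        "widget_text": 'a:1:{i:2;a:1:{s:5:"title";s:4:"News";}}',
        "theme_cache": 'a:1:{s:4:"item";O:8:"stdClass":1:{s:1:"x";i:1;}}',
    },
    "posts": [{"meta": {"_layout": 'O:11:"LayoutModel":0:{}'}}],
})

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    findings = review_export(source)
    for json_path, class_name in findings:
        print(f"serialized object {class_name!r} at {json_path}")
    sys.exit(1 if findings else 0)  # non-zero exit fails the CI job
```

Serialized arrays and scalars pass; only object payloads fail the job, so a reviewer sees them in the pull request before any import runs.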

02

Operational safeguards

Security is not only authentication. It is also how a team prevents accidental production damage.
Dry runs

Preview before writing

Run a workflow or import as a dry run before production data changes, then review planned scope and likely conflicts.

Conflict strategy

Choose the right outcome

Skip, overwrite, duplicate, newer-wins, backup-then-overwrite, merge, or prompt per item/integration instead of blindly replacing target data.

Approvals

Pause risky steps

Approval gates let production workflows wait for human review before continuing with destructive or broad changes.

Backups

Restore when something goes wrong

Automatic backups, template versions, and restore paths help teams recover from failed or incorrect imports.

Audit trail

Know who changed what

Activity and audit records help agencies and teams review workflow runs, approvals, imports, exports, and restore actions.

Maintenance windows

Protect visitors during releases

Maintenance-mode workflow steps can wrap high-risk production changes and restore state after the run.

03

What WPChangeSync does not hide

A trustworthy sync tool should make responsibilities clear.
Core capability

You stay in control of storage, scope, credentials, and production timing.

WPChangeSync creates a safer release path, but it does not replace backups, staging checks, least-privilege access, secure hosting, or operational judgement. The best production setup combines WPChangeSync with Git review, tested backups, clear approvals, and limited remote credentials.

Storage

Git-friendly JSON you can inspect

Exports are readable JSON files, so teams can review changes and keep them with the project instead of relying on opaque database dumps.

Scope

Selected sync instead of everything

Push selected templates, pages, media, fields, integrations, or workflow scope rather than moving the whole site by default.

Automation

Scriptable, but gated

Use WP-CLI or webhooks in CI while still requiring dry-runs, approvals, and logged workflow outcomes for production.

04 — FAQ

Security questions

Does WPChangeSync replace normal backups?
No. It creates backup and restore paths for sync operations, but production sites should still have tested host/server backups and a rollback plan.
Can I safely use full automatic sync?
Only with a carefully designed workflow, narrow scope, monitoring, and rollback. For production, start with manual or approval-gated workflows before enabling automatic write paths.
Is it safe for client sites?
Yes, when remotes use dedicated credentials, dry-runs, approvals, backups, and a tested workflow. Agencies should document who can trigger production runs.
Where should webhook tokens live?
Keep webhook tokens in CI secrets or server-side configuration. Do not commit them to Git, paste them into public tickets, or send them in screenshots.
TRUSTED RELEASES

Turn WordPress changes into a controlled release process.

Use WPChangeSync to move faster without giving up review, rollback, and visibility.