{"id":326035,"date":"2026-07-18T12:57:49","date_gmt":"2026-07-18T12:57:49","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/postdock\/"},"modified":"2026-07-18T12:57:30","modified_gmt":"2026-07-18T12:57:30","slug":"syncdock","status":"publish","type":"plugin","link":"https:\/\/ary.wordpress.org\/plugins\/syncdock\/","author":17211928,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.1","stable_tag":"1.0.1","tested":"7.0.2","requires":"6.4","requires_php":"7.4","requires_plugins":null,"header_name":"SyncDock","header_author":"Degird","header_description":"A universal MCP-style API gateway plugin that transforms WordPress into a fully controllable content intelligence and publishing platform.","assets_banners_color":"a2a2a2","last_updated":"2026-07-18 12:57:30","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/degird.com","header_plugin_uri":"","header_author_uri":"https:\/\/degird.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":28,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"rakibantor","date":"2026-07-18 12:57:30"}},"upgrade_notice":{"1.0.1":"<p>Security hardening update: explicit output escaping for all SVG icons and unified class prefix. Recommended for all users.<\/p>","1.0.0":"<p>Initial release of SyncDock.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3612591,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3612591,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3612591,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3612591,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3612591,"resolution":"1","location":"assets","locale":"","width":1280,"height":720},"screenshot-2.gif":{"filename":"screenshot-2.gif","revision":3612591,"resolution":"2","location":"assets","locale":"","width":1280,"height":720},"screenshot-3.gif":{"filename":"screenshot-3.gif","revision":3612591,"resolution":"3","location":"assets","locale":"","width":1280,"height":720}},"screenshots":{"1":"SyncDock Dashboard \u2014 real-time API metrics, system health, and recent activity.","2":"API Keys \u2014 generate, manage, and revoke API keys with per-key scopes and rate limits.","3":"Activity Log \u2014 filterable request log with status codes, response times, and client details.","4":"Settings \u2014 configure rate limiting, HMAC verification, caching, and data retention."}},"plugin_section":[],"plugin_tags":[1556,4917,141196,7143,23853],"plugin_category":[],"plugin_contributors":[262317],"plugin_business_model":[],"class_list":["post-326035","plugin","type-plugin","status-publish","hentry","plugin_tags-api","plugin_tags-content-management","plugin_tags-headless","plugin_tags-publishing","plugin_tags-rest-api","plugin_contributors-rakibantor","plugin_committers-rakibantor"],"banners":{"banner":"https:\/\/ps.w.org\/syncdock\/assets\/banner-772x250.png?rev=3612591","banner_2x":"https:\/\/ps.w.org\/syncdock\/assets\/banner-1544x500.png?rev=3612591","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/syncdock\/assets\/icon-128x128.png?rev=3612591","icon_2x":"https:\/\/ps.w.org\/syncdock\/assets\/icon-256x256.png?rev=3612591","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/syncdock\/assets\/screenshot-1.png?rev=3612591","caption":"SyncDock Dashboard \u2014 real-time API metrics, system health, and recent activity."},{"src":"https:\/\/ps.w.org\/syncdock\/assets\/screenshot-2.gif?rev=3612591","caption":"API Keys \u2014 generate, manage, and revoke API keys with per-key scopes and rate limits."},{"src":"https:\/\/ps.w.org\/syncdock\/assets\/screenshot-3.gif?rev=3612591","caption":"Activity Log \u2014 filterable request log with status codes, response times, and client details."}],"raw_content":"<!--section=description-->\n<p><strong>SyncDock<\/strong> is a headless MCP-style API gateway plugin that transforms your WordPress site into a fully controllable content intelligence and publishing platform \u2014 accessible by AI agents, SaaS applications, browser extensions, desktop apps, and any external client.<\/p>\n\n<h4>Why SyncDock?<\/h4>\n\n<p>WordPress's native REST API provides basic CRUD operations, but modern AI workflows, automation pipelines, and external integrations demand much more. SyncDock bridges the gap with:<\/p>\n\n<ul>\n<li><strong>Secure API Key Authentication<\/strong> \u2014 SHA-256 hashed keys with per-key scopes, rate limits, and expiration<\/li>\n<li><strong>HMAC-SHA256 Signature Verification<\/strong> \u2014 Tamper-proof request signing with replay protection<\/li>\n<li><strong>Gutenberg Block Converter<\/strong> \u2014 Bidirectional JSON \u2194 block markup for 18+ core block types<\/li>\n<li><strong>Content Context Layer<\/strong> \u2014 AI-optimized intelligence endpoints for content discovery and gap analysis<\/li>\n<li><strong>Advanced Query Engine<\/strong> \u2014 Multi-filter content search with taxonomy AND\/OR logic<\/li>\n<li><strong>SEO Plugin Bridge<\/strong> \u2014 Auto-detects Yoast, Rank Math, and AIOSEO for transparent SEO metadata<\/li>\n<li><strong>Response Caching<\/strong> \u2014 Configurable TTL with auto-invalidation on content changes<\/li>\n<li><strong>Activity Logging<\/strong> \u2014 Full request audit trail with retention policies<\/li>\n<\/ul>\n\n<h4>Key Features<\/h4>\n\n<p><strong>\ud83d\udd10 Multi-Layer Security<\/strong><\/p>\n\n<ul>\n<li>API Key authentication with SHA-256 hashing (keys never stored in plaintext)<\/li>\n<li>Optional HMAC-SHA256 request signing with 5-minute replay window<\/li>\n<li>10 granular permission scopes (<code>read_posts<\/code>, <code>write_posts<\/code>, <code>delete_posts<\/code>, etc.)<\/li>\n<li>Per-key and per-IP rate limiting with sliding window<\/li>\n<li>Failed authentication brute-force protection (10 failures \/ 15 min \/ IP)<\/li>\n<\/ul>\n\n<p><strong>\ud83d\udcdd Full Post Lifecycle<\/strong><\/p>\n\n<ul>\n<li>Create, read, update (PUT\/PATCH), and delete posts<\/li>\n<li>Structured Gutenberg block input\/output (JSON \u2194 block markup)<\/li>\n<li>Partial block-level updates (insert\/replace\/delete by index)<\/li>\n<li>Post revision listing and one-click restore<\/li>\n<li>Scheduled publishing via <code>status: future<\/code><\/li>\n<li>SEO metadata sync with popular SEO plugins<\/li>\n<\/ul>\n\n<p><strong>\ud83e\udde0 Content Intelligence<\/strong><\/p>\n\n<ul>\n<li><code>\/context\/posts<\/code> \u2014 Recent, popular, and similar posts with content gap analysis<\/li>\n<li><code>\/context\/taxonomies<\/code> \u2014 Hierarchical category trees and tag clouds<\/li>\n<li><code>\/context\/media<\/code> \u2014 Library summary, MIME distribution, unattached files<\/li>\n<li><code>\/context\/site-info<\/code> \u2014 Site configuration, image sizes, post types<\/li>\n<\/ul>\n\n<p><strong>\ud83d\udd0d Query Engine<\/strong><\/p>\n\n<ul>\n<li>Multi-taxonomy filters with AND\/OR logic<\/li>\n<li>Date range queries on publish or modified dates<\/li>\n<li>Full-text search with highlighted excerpts<\/li>\n<li>Site-wide content discovery endpoint<\/li>\n<\/ul>\n\n<p><strong>\ud83d\udcc1 Media Management<\/strong><\/p>\n\n<ul>\n<li>Upload via multipart\/form-data or base64 JSON<\/li>\n<li>Server-side MIME type validation<\/li>\n<li>Attach\/detach media from posts<\/li>\n<li>Full image metadata and size information<\/li>\n<\/ul>\n\n<p><strong>\u2699\ufe0f Admin Dashboard<\/strong><\/p>\n\n<ul>\n<li>Real-time API metrics (requests, errors, response times)<\/li>\n<li>API key management with one-click creation and revocation<\/li>\n<li>Filterable activity log with status\/method\/search<\/li>\n<li>System health monitoring<\/li>\n<li>Configurable rate limits, caching, and data retention<\/li>\n<\/ul>\n\n<h4>Who Is SyncDock For?<\/h4>\n\n<ul>\n<li><strong>AI Agents<\/strong> \u2014 Connect Claude, GPT, or custom models to publish and manage content<\/li>\n<li><strong>SaaS Applications<\/strong> \u2014 Build external content management dashboards<\/li>\n<li><strong>Browser Extensions<\/strong> \u2014 Create write-from-anywhere tools<\/li>\n<li><strong>Desktop Apps<\/strong> \u2014 Build native publishing applications<\/li>\n<li><strong>Automation Pipelines<\/strong> \u2014 Integrate WordPress into CI\/CD or content workflows<\/li>\n<li><strong>Mobile Apps<\/strong> \u2014 Power native mobile content creation tools<\/li>\n<\/ul>\n\n<h3>External services<\/h3>\n\n<p>This plugin does <strong>not<\/strong> connect to any external third-party services. All data processing \u2014 including API key management, authentication, rate limiting, caching, and content operations \u2014 is performed entirely on your WordPress server.<\/p>\n\n<p>Gravatar avatar URLs may appear in API responses for post authors. This is standard WordPress core behavior (<code>get_avatar_url()<\/code>) and is not initiated by SyncDock.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>syncdock<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>Navigate to <strong>SyncDock &gt; Dashboard<\/strong> in the admin menu<\/li>\n<li>Generate your first API key via <strong>SyncDock &gt; API Keys<\/strong><\/li>\n<li>Start making API requests to <code>https:\/\/yoursite.com\/wp-json\/syncdock\/v1\/<\/code><\/li>\n<\/ol>\n\n<h4>Quick Start<\/h4>\n\n<p>Generate an API key from the admin panel, then:<\/p>\n\n<pre><code>curl -H \"X-SyncDock-Key: YOUR_API_KEY\" \\\n     https:\/\/yoursite.com\/wp-json\/syncdock\/v1\/posts\n<\/code><\/pre>\n\n<p>Create a post with Gutenberg blocks:<\/p>\n\n<pre><code>curl -X POST \\\n  -H \"X-SyncDock-Key: YOUR_API_KEY\" \\\n  -H \"Content-Type: application\/json\" \\\n  -d '{\n    \"title\": \"My First SyncDock Post\",\n    \"status\": \"draft\",\n    \"content\": {\n      \"blocks\": [\n        { \"type\": \"heading\", \"content\": \"Hello World\", \"attrs\": { \"level\": 2 } },\n        { \"type\": \"paragraph\", \"content\": \"Created via SyncDock API.\" }\n      ]\n    }\n  }' \\\n  https:\/\/yoursite.com\/wp-json\/syncdock\/v1\/posts\n<\/code><\/pre>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20syncdock%20replace%20the%20wordpress%20rest%20api%3F\"><h3>Does SyncDock replace the WordPress REST API?<\/h3><\/dt>\n<dd><p>No. SyncDock runs alongside the native REST API under its own namespace (<code>\/syncdock\/v1\/<\/code>). Your existing integrations are unaffected.<\/p><\/dd>\n<dt id=\"how%20are%20api%20keys%20stored%3F\"><h3>How are API keys stored?<\/h3><\/dt>\n<dd><p>API keys are hashed using SHA-256 before storage. The raw key is shown only once during creation and is never retrievable from the database.<\/p><\/dd>\n<dt id=\"does%20syncdock%20support%20hmac%20request%20signing%3F\"><h3>Does SyncDock support HMAC request signing?<\/h3><\/dt>\n<dd><p>Yes. Each API key can be configured with HMAC mode set to <code>disabled<\/code>, <code>optional<\/code>, or <code>required<\/code>. When enabled, requests must include <code>X-SyncDock-Signature<\/code> and <code>X-SyncDock-Timestamp<\/code> headers.<\/p><\/dd>\n<dt id=\"which%20seo%20plugins%20are%20supported%3F\"><h3>Which SEO plugins are supported?<\/h3><\/dt>\n<dd><p>SyncDock auto-detects Yoast SEO, Rank Math, and All in One SEO Pack. If none are installed, SyncDock stores SEO data in its own meta fields.<\/p><\/dd>\n<dt id=\"can%20i%20use%20syncdock%20with%20custom%20post%20types%3F\"><h3>Can I use SyncDock with custom post types?<\/h3><\/dt>\n<dd><p>The current version supports the default <code>post<\/code> type. Custom post type support is planned for v1.1.0.<\/p><\/dd>\n<dt id=\"is%20there%20rate%20limiting%3F\"><h3>Is there rate limiting?<\/h3><\/dt>\n<dd><p>Yes. Rate limits are enforced per API key and per IP address using a sliding window algorithm. Limits are configurable per-key and globally via the settings page.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Fix: Added explicit <code>wp_kses()<\/code> escaping at all SVG icon output points to satisfy WordPress Plugin Check (late-escaping standard).<\/li>\n<li>Fix: Renamed class prefix from <code>SyncDock_<\/code> to <code>Syncdock_<\/code> across all files to eliminate dual-prefix detection (<code>syncdock<\/code> + <code>sync_dock<\/code>) by WP.org static analysis tools.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Multi-layer authentication (API Key, HMAC-SHA256, Scopes, Rate Limiting)<\/li>\n<li>Full post CRUD with Gutenberg block converter<\/li>\n<li>Content Context Layer with gap analysis<\/li>\n<li>Advanced Query Engine with taxonomy filters<\/li>\n<li>Media upload (multipart + base64) with MIME validation<\/li>\n<li>Taxonomy management (categories + tags)<\/li>\n<li>Activity logging with configurable retention<\/li>\n<li>Response caching with auto-invalidation<\/li>\n<li>Admin dashboard with real-time metrics<\/li>\n<li>SEO plugin bridge (Yoast, Rank Math, AIOSEO)<\/li>\n<\/ul>","raw_excerpt":"A universal MCP-style API gateway that transforms WordPress into a fully controllable content intelligence and publishing platform.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/326035","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=326035"}],"author":[{"embeddable":true,"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/rakibantor"}],"wp:attachment":[{"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=326035"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=326035"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=326035"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=326035"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=326035"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ary.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=326035"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}