=== Plugin Bloat Analyzer === Contributors: (founder) Tags: performance, plugins, audit, database, autoload, security, woocommerce Requires at least: 6.4 Tested up to: 6.9 Requires PHP: 7.4 Stable tag: 0.1.0 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Operational visibility for your plugin portfolio: inventory, autoload footprint, and database footprint — descriptive, read-only, with provenance on every finding. == Description == Plugin Bloat Analyzer runs an on-demand, admin-triggered, read-only scan of your site's plugin portfolio and shows you what is operationally present: a plugin inventory, the autoloaded-options footprint, and a database-footprint map. It describes what exists, with the exact evidence for each observation. It is descriptive, not prescriptive: it never auto-removes anything, never deletes or optimises, and never tells you a plugin is "bad" or "slow". It never shows a number it cannot defend — every finding is labelled Verified (a deterministic fact) or Estimated (hedged), and ownership is classified honestly (Deterministic / Shared infrastructure / Unknown), never guessed. What it checks: * Plugin inventory, versions, and last-update dates * Autoloaded options footprint (read on every request) * Database footprint, orphaned tables, transient buildup * Which plugin loads which JavaScript and CSS, per template * Scheduled cron events grouped by plugin * Abandoned and outdated plugins * Known vulnerabilities in installed plugins * Duplicate functionality (e.g. two SEO plugins) * Composer-autoloader inefficiencies == Privacy == The plugin works fully offline. No site data leaves your server unless you explicitly opt in to optional cloud sync, which sends metadata only (plugin slugs, sizes, counts, timestamps) — never your content, options values, or any personal data. Remote calls (WordPress.org plugin API, the vulnerability data feed, and licensing) are disclosed and only made as described. == Frequently Asked Questions == = Does it slow my site down? = No. Scans are on-demand (admin button or WP-CLI), never run on visitor page loads, and the plugin registers nothing heavy on front-end hooks. = Will it tell me a plugin is "slow"? = No. Per-plugin execution-time attribution is not reliable enough to state as fact, so we don't. We report what we can measure deterministically and clearly label everything else as an estimate. == Changelog == = 0.6.0 = * Added plugin update-health: surfaces which installed plugins have an available update (out-of-date plugins are the most common way sites get compromised). Reported as a high-value recommendation to update yourself via WordPress's own Updates screen, with a backup-first checklist. It reads only the update data WordPress already maintains locally — no extra network call — and never updates, predicts breakage, or claims an update is risk-free. = 0.5.0 = * Added WordPress core integrity check: compares your core files against WordPress.org's official published checksums and reports any that differ or are missing. This is the plugin's first and only outbound network request (to api.wordpress.org, the same endpoint WordPress core uses for updates). It is read-only and never deletes or restores files for you — if it finds a difference, it gives guided steps to RESTORE the official version yourself. = 0.4.0 = * Added HTML report export (a styled, print-ready page) alongside Markdown. For a PDF, open the HTML and use the browser's Print → Save as PDF — no heavy PDF library is bundled, keeping the plugin lightweight. = 0.3.0 = * Added report export: download the current scan as a Markdown file (summary, changes, recommendations, and the full findings table) to keep, diff, or share. * Scan history: the plugin now keeps your last 5 scans (instead of 1) for the "what changed" comparison. Still captured only when you run a scan; stored in a single non-autoloaded option and removed on uninstall. = 0.2.0 = * Added "What changed since the last scan": each scan is compared against the previous one and new, removed, and changed items are listed. The scan remains read-only; the only thing stored is your most recent scan result (one option, not autoloaded), removed cleanly on uninstall. * Added considered recommendations (verdicts you choose whether to act on). Reversible steps link to your own Plugins screen; nothing destructive is ever performed for you. = 0.1.0 = * Initial release.