Title: Upgrade Pilot
Author: Luke W
Published: <strong>Agẹmọ  17, 2026</strong>
Last modified: Agẹmọ  17, 2026

---

Ṣàwárí àwọn plugin

![](https://ps.w.org/upgrade-pilot/assets/banner-772x250.png?rev=3610935)

![](https://ps.w.org/upgrade-pilot/assets/icon.svg?rev=3610935)

# Upgrade Pilot

 Láti ọwọ́ [Luke W](https://profiles.wordpress.org/lukeaxiomflow/)

[Ṣe ìgbàsílẹ̀](https://downloads.wordpress.org/plugin/upgrade-pilot.1.0.9.zip)

 * [Àwọn àlàyé](https://yor.wordpress.org/plugins/upgrade-pilot/#description)
 * [Àwọn àgbéyẹ̀wò](https://yor.wordpress.org/plugins/upgrade-pilot/#reviews)
 * [Ìdàgbàsókè](https://yor.wordpress.org/plugins/upgrade-pilot/#developers)

 [Ìrànlọ́wọ́](https://wordpress.org/support/plugin/upgrade-pilot/)

## Àpèjúwe

**WordPress tells you when a plugin has an update. It never tells you who is behind
that update.**

Plugins get sold. Authors walk away. Maintainers are quietly added to a project.
Occasionally a plugin is closed on WordPress.org for a security problem, and the
copy on your site keeps running as if nothing happened. In every one of those cases
WordPress shows you exactly what it showed you yesterday: nothing.

Upgrade Pilot watches the things WordPress does not.

#### Update trust: know who is behind your next update

Every day, Upgrade Pilot takes a snapshot of the public WordPress.org record of 
every plugin you have installed, and compares it to yesterdayÌtumọ̀ Yorùbá: ’s. 
It tells you when:

 * **The author changes.** A plugin that just changed hands is the single clearest
   signal to look before you leap. Ownership transfers are how a trusted plugin 
   becomes an untrusted one, without a single line of visible change.
 * **New contributors appear.** Someone new now has commit access to code running
   on your site.
 * **A plugin is closed or removed from WordPress.org**, along with the reason given.
   Closed plugins receive no further updates, and if the closure was for a security
   issue you are running known-vulnerable code.

Plugins and themes that have simply gone quiet Ìtumọ̀ Yorùbá: – nobody has updated
them in longer than a threshold you set Ìtumọ̀ Yorùbá: – are reported in the readiness
report rather than emailed to you as an alert, because abandonment is a slow fact,
not an event that happened this morning.

You can then **freeze automatic updates for that one plugin**, so a bad release 
cannot install itself overnight while you decide. The freeze is per plugin, opt 
in, and never touches WordPress core. Manual updates always remain available. It
will not help you hide from a security fix.

#### Upgrade readiness: know the upgrade will not break the site

Before you move to a new PHP or WordPress version, Upgrade Pilot answers whether
it is safe:

 * **Server checks.** Your PHP version against WordPressÌtumọ̀ Yorùbá: ’s actual
   minimum and against the version you plan to move to. Your database version against
   the requirement of the update WordPress is really being offered, read live from
   WordPress itself rather than from a number hardcoded by us. Memory limit, extensions,
   HTTPS.
 * **PHP security support.** How long the PHP branch you are running still receives
   security fixes.
 * **Every plugin and theme, cross-referenced against WordPress.org.** Which ones
   declare a PHP requirement higher than your target, which have not been tested
   against recent WordPress releases, which have not been updated in years, and 
   which have been closed.
 * **A local scan of your plugins’ PHP code**, flagging what modern PHP removed 
   or deprecated, down to the file and line. It runs in small time-sliced batches,
   so it does not time out, and a file that has not changed since the last scan 
   is not analysed again.

#### Findings that are honest about their own certainty

Deterministic results are labelled **fact**. Static-analysis results are labelled**
advisory**, and never drive the verdict on their own, because version-guarded code
and unreachable branches legitimately trigger them. Anything you have inspected 
and cleared can be suppressed permanently, and the suppression survives future scans.

#### Read only, always

Upgrade Pilot never updates, deactivates, installs, or rewrites anything. The one
thing it can change is a per-plugin automatic-update hold, and only when you click
the button yourself.

#### Also included

 * Site Health integration
 * Dashboard summary widget
 * Email alerts: immediate for critical events, a daily digest for warnings (informational
   events stay in the UI)
 * A weekly scheduled re-scan
 * WP-CLI: `wp upgrade-pilot scan`, `status` and `report`
 * Machine-readable export, ungated: `wp upgrade-pilot scan --format=json` and `
   wp upgrade-pilot report --format=json`
 * A REST endpoint for dashboards and fleet tooling: `GET /wp-json/upgrade-pilot/
   v1/report`, available to administrators (the `manage_options` capability; super
   admins on a network)

#### Works on multisite

On a WordPress network, Upgrade Pilot runs at network level, because that is where
the truth is: a network shares one copy of each pluginÌtumọ̀ Yorùbá: ’s files, so
who wrote a plugin, whether it was closed, and whether its updates are held are 
facts about the whole network, not about one subsite. The free version installs 
network-wide, stores its data once, and is managed by a super admin from the Network
Admin screens. Freezing a pluginÌtumọ̀ Yorùbá: ’s automatic updates holds it across
the network, because there is only one copy of the file to hold.

#### Upgrade Pilot Pro

Pro adds the things you need when the site belongs to someone else:

 * A branded, white-label client report (PDF/print) Ìtumọ̀ Yorùbá: – your name, 
   your colour, no product footer.
 * The readiness summary emailed to your client, on a schedule you choose, to as
   many addresses as you like Ìtumọ̀ Yorùbá: – and you are told if it fails to send.
 * Slack and webhook alerts for update-trust events.
 * Automatic update-hold policies: hold a pluginÌtumọ̀ Yorùbá: ’s automatic updates
   for a cooling-off period the moment it changes owner or gains a contributor.
 * Daily and twice-daily re-scans.
 * On a network, the Network Overview: every subsiteÌtumọ̀ Yorùbá: ’s readiness 
   and update-trust status on one screen, and Ìtumọ̀ Yorùbá: – the question you 
   actually have when a plugin changes hands Ìtumọ̀ Yorùbá: – exactly which of your
   sites are running it.
 * A private email channel with the developer.

**Four things are free that people usually assume are paid, so they are worth saying
plainly.**

_The machine-readable export is free._ WP-CLI `--format=json` and the REST endpoint
are part of the free version and are not gated, metered or licence-checked.

_The digest email is free._ The free version already emails you, the site administrator,
immediately when a plugin is closed or flagged, and a daily digest of everything
else. What Pro adds is sending the readiness summary to _other people_ Ìtumọ̀ Yorùbá:–
your client Ìtumọ̀ Yorùbá: – on a schedule you pick, and telling you when a send
fails.

_The weekly re-scan is free_, and on by default. What Pro adds is running it daily
or twice daily.

_Multisite is free, in full._ Upgrade Pilot installs network-wide, stores its data
once, is managed by a super admin from the Network Admin screens, and a freeze holds
across the whole network. What Pro adds on a network is the Network Overview screen
described above Ìtumọ̀ Yorùbá: – not multisite itself.

Freezing a plugin by hand is free too. What Pro adds is doing it automatically, 
on a policy.

Every paid tier includes every feature; tiers differ only by how many sites your
licence covers. On a network, each subsite counts as one of those sites, and you
activate the licence once from Network Admin to cover them all.

Pro is a separate download, not an in-place upgrade. When you buy or start a trial
you download the Pro build and upload it like any other plugin; it installs alongside
this free copy, and activating it switches the free copy off for you. Your settings,
scan history and freeze list carry over untouched.

### External services

Upgrade Pilot uses WordPress.org, always. It uses Freemius Ìtumọ̀ Yorùbá: – who 
sell and license the paid version Ìtumọ̀ Yorùbá: – only when you go looking for 
the paid version, and only in the four situations listed below.

**1. WordPress.org Plugin and Theme API (api.wordpress.org)**
 This is the pluginÌtumọ̀
Yorùbá: ’s data source and is always used. _What is sent:_ the public slug of a 
plugin or theme installed on your site. Nothing else. No site URL, no user data,
no configuration. The requests identify themselves only as “UpgradePilot/” followed
by the plugin version. _When:_ when you run a readiness scan, and once daily as 
part of the update-trust snapshot that detects author changes, new contributors,
closures, and abandonment. _Why:_ to read the public directory record for that plugin(
author, contributors, last updated, tested-up-to, required PHP, and whether it has
been closed). _Note:_ WordPress core already contacts this same API for its own 
update checks. _How much:_ plugin lookups are batched Ìtumọ̀ Yorùbá: – every plugin
on the site is asked for in a single request, so a 40-plugin site makes one plugin
request, not forty. The theme API has no batch mode, so themes cost one request 
each. Answers are cached for 24 hours (72 hours for “not in the directory”), and
429 or 5xx responses trigger a backoff that later calls respect. A typical 40-plugin,
3-theme site therefore makes about four or five requests a day in total. Privacy:
https://wordpress.org/about/privacy/ WordPress.org publishes a privacy policy but
no separate terms-of-use document for this API. It is the same public API, on the
same host, that WordPress core itself queries for update checks.

**2. Freemius (freemius.com), who sell and license Upgrade Pilot Pro**
 Freemius
is contacted in four situations. Every one of them is something you click. It is
never contacted in the background.

_You opt in, start a trial, or activate a licence._
 Sent to api.freemius.com: your
site URL, your WordPress and PHP versions, and the email address of the account 
you activate with. This only happens after you explicitly opt in on the activation
screen, or when you start a trial or activate a licence.

_You open the “Upgrade” page._
 The plugin adds an “Upgrade” item to its own menu,
and the Reports & Automation screen links to it. Opening that page asks Freemius
for the current plan prices so it can show them to you (api.freemius.com), and that
request carries your site URL. Nothing else is sent. This happens whoever you are,
including if you skipped the opt-in Ìtumọ̀ Yorùbá: – but only when you open that
page. If you never open it, it never runs. That request is made by your own server,
not by your browser: the page talks to your siteÌtumọ̀ Yorùbá: ’s admin-ajax, and
your site talks to Freemius. The page itself loads no third-party scripts at all.
Everything it renders Ìtumọ̀ Yorùbá: – the plan table, the icons, the payment-brand
badges Ìtumọ̀ Yorùbá: – is served from this pluginÌtumọ̀ Yorùbá: ’s own folder. 
The payment SDKÌtumọ̀ Yorùbá: ’s bundled pricing script used to inject Google Analytics
and a remote checkout script into your dashboard on that page; this build removes
both, along with the SDKÌtumọ̀ Yorùbá: ’s remaining remote references (all four 
modifications are listed under “Source code” below).

_You click “Contact Us”._
 That opens FreemiusÌtumọ̀ Yorùbá: ’s hosted support form(
wp.freemius.com). The link carries your site URL and your WordPress login URL, so
the form knows which site you are writing about.

_You click a plan, to buy or to start a trial._
 That takes you to FreemiusÌtumọ̀
Yorùbá: ’s checkout page (checkout.freemius.com). It receives your site URL, your
site name, your WordPress and PHP versions, and **your WordPress administrator email
address, which is filled in for you Ìtumọ̀ Yorùbá: – you do not have to type it,
and it is sent whether you complete the purchase or not.** Freemius is the merchant
of record for the sale. That checkout page is FreemiusÌtumọ̀ Yorùbá: ’s, not ours,
and like any hosted checkout it loads its own third-party scripts. At the time of
writing those are: Stripe (js.stripe.com) and PayPal (www.paypal.com, www.paypalobjects.
com) to take payment, Google Tag Manager (www.googletagmanager.com) for their analytics,
and FreemiusÌtumọ̀ Yorùbá: ’s own scripts and images (js.freemius.com, cdnjs.cloudflare.
com, s3-us-west-2.amazonaws.com). We do not control that list and it can change.
What happens on that page is governed by FreemiusÌtumọ̀ Yorùbá: ’s privacy policy,
linked below. If you never click a plan, none of it loads. Terms: https://freemius.
com/terms/ Ìtumọ̀ Yorùbá: – Privacy: https://freemius.com/privacy/

#### What does not happen

The list above is not written from memory. Every outbound request the plugin causes
was logged, and these are the results: installing and activating the plugin, the
opt-in screen itself, skipping the opt-in, every one of the pluginÌtumọ̀ Yorùbá:’
s own screens, deactivating the plugin (the payment SDKÌtumọ̀ Yorùbá: ’s deactivation-
feedback dialog is switched off in this build, so deactivation is one click and 
sends nothing), WordPressÌtumọ̀ Yorùbá: ’s plugin-update cycle, and every scheduled
background task Ìtumọ̀ Yorùbá: – all of them complete without contacting Freemius
at all. No telemetry, no scan data, no site data. Every Freemius contact listed 
above is the direct result of something you clicked.

The free plugin is fully functional whether you opt in or skip. If you would rather
not use FreemiusÌtumọ̀ Yorùbá: ’s support form, the WordPress.org support forum 
for this plugin is linked from the same menu and sends nothing anywhere.

There is no security feed to call, and no server of ours for this plugin to contact.
Anything Upgrade Pilot knows about a pluginÌtumọ̀ Yorùbá: ’s security standing, 
it learned from that pluginÌtumọ̀ Yorùbá: ’s public WordPress.org record Ìtumọ̀ 
Yorùbá: – most importantly, whether the directory has closed it, and the reason 
the directory gave.

### Source code

Every line Upgrade Pilot itself runs ships in this plugin, unminified and unobfuscated.
Its own CSS and JavaScript (`admin/css/upilot-admin.css`, `admin/js/upilot-admin.
js`) are the files you read, not build output; there is no build step and no compiled
asset.

The one exception is the third-party payment SDK in `vendor/freemius/`, which ships
pre-minified. Those files are the Freemius WordPress SDK, published under the GPL,
and their unminified source and build tooling are public:

 * Freemius WordPress SDK: https://github.com/Freemius/wordpress-sdk
 * The pricing screen bundled at `vendor/freemius/assets/js/pricing/freemius-pricing.
   js`: https://github.com/Freemius/pricing-page

The minified files under `vendor/freemius/` are: `assets/js/pricing/freemius-pricing.
js`, `assets/js/postmessage.js`, `assets/js/nojquery.ba-postmessage.js`, `assets/
js/jquery.form.js`, and thirteen stylesheets under `assets/css/`.

Upgrade Pilot ships four deliberate modifications to that SDK, all in `assets/js/
pricing/freemius-pricing.js`, all removing remote references from wp-admin, each
marked with an “Upgrade Pilot:” comment at the patch site:

 1. The `appendScripts()` method is emptied. Upstream it injects `https://www.google-
    analytics.com/analytics.js` and `https://checkout.freemius.com/checkout.js` into
    wp-admin when the pricing screen renders. Neither belongs in a WordPress dashboard,
    and the analytics script ran even for people who had declined the opt-in.
 2. The Google Analytics pageview tracker is stubbed out. Upstream it reports pricing-
    page views to FreemiusÌtumọ̀ Yorùbá: ’s Analytics property whenever a GA object
    is already present in wp-admin (for example, loaded there by an unrelated plugin),
    stamping them with the Freemius user id.
 3. A loading-spinner image served from FreemiusÌtumọ̀ Yorùbá: ’s CDN (`img.freemius.
    com`) is replaced with an inline image.
 4. Testimonial author photos, which upstream loads from Gravatar or a remote URL supplied
    by the Freemius API, always use the bundled placeholder instead.

The pricing screen and the checkout both work without all four.

Third-party libraries inside that SDK bundle, all GPL-compatible: React 17 (MIT),
object-assign (MIT), is-buffer (MIT), and Font Awesome Free 5 (code MIT, icons CC
BY 4.0). No library that WordPress itself ships is bundled anywhere in this plugin
Ìtumọ̀ Yorùbá: – jQuery and the other core scripts are used from WordPressÌtumọ̀
Yorùbá: ’s own copies, by handle.

## Àwọn àwòrán ìbòjú

[⌊Update trust: ownership changes, closures, and abandoned plugins, with per-plugin
update freeze⌉⌊Update trust: ownership changes, closures, and abandoned plugins,
with per-plugin update freeze⌉[

Update trust: ownership changes, closures, and abandoned plugins, with per-plugin
update freeze

[⌊The readiness report: server checks and the WordPress.org cross-reference⌉⌊The
readiness report: server checks and the WordPress.org cross-reference⌉[

The readiness report: server checks and the WordPress.org cross-reference

[⌊Static PHP compatibility findings, with per-finding suppression⌉⌊Static PHP compatibility
findings, with per-finding suppression⌉[

Static PHP compatibility findings, with per-finding suppression

[⌊Site Health integration⌉⌊Site Health integration⌉[

Site Health integration

[⌊Settings⌉⌊Settings⌉[

Settings

## FAQ

### Does this plugin block updates?

No, not by default, and never silently.

Upgrade Pilot ships with nothing frozen. It changes no update behaviour at all until
you personally decide to hold one specific plugin, which you would typically do 
right after it tells you that plugin just changed owners or was closed on WordPress.
org.

When you do freeze a plugin:

 * It holds **automatic** updates for **that one plugin only**, using WordPressÌtumọ̀
   Yorùbá: ’s standard per-plugin auto-update filter.
 * **WordPress core is never affected.** Upgrade Pilot registers no core-update 
   filter of any kind, and does not disable the automatic updater. Core updates 
   behave exactly as they would without this plugin installed.
 * **The update is never hidden.** It still appears on your Plugins screen exactly
   as normal. You simply see a note explaining why it is being held, and you can
   install it manually at any time.
 * **It will not hide a security fix from you.** If a plugin you have frozen is 
   then closed on WordPress.org for a security issue, Upgrade Pilot says so loudly
   and tells you to unfreeze and update. Freezing is a pause for thought, not a 
   place to hide.

You can unfreeze any plugin with one click, and uninstalling Upgrade Pilot removes
all freeze state.

### Why should I care who owns a plugin?

Because ownership changes are invisible in your dashboard, and they change who can
push code to your site. A plugin can be sold, or hand a new maintainer commit access,
and the next automatic update arrives looking exactly like every previous one. Upgrade
Pilot exists to put a name and a date on that moment, so you can decide whether 
to let the update through.

### Is my site ready for the next WordPress or PHP version?

Run the readiness report. It checks your server against the requirements WordPress
itself reports, cross-references every plugin and theme against its WordPress.org
record, and scans your plugins’ PHP code for anything modern PHP removed.

### Will the scan slow down or time out on shared hosting?

No. The code scan processes files in small time-sliced batches with hard budgets,
driven from your browser while you watch and by WP-Cron in the background. Oversized
and vendored files are skipped, and that is disclosed in the results rather than
hidden.

### Does the scanner send my code anywhere?

No. The code scan runs entirely on your own server. See the External services section
above for the complete list of what leaves your site, which is only public plugin
slugs.

### What does “advisory” mean next to a finding?

It means the finding came from reading your code rather than from a definitive fact,
and might be a false positive: code behind a version check, a dead branch, or a 
bundled polyfill can all trigger one. Advisory findings never turn your verdict 
red on their own, and you can suppress any that you have checked.

### Does it work on a multisite network?

Yes. Network activate it, and it is managed by a super admin from the Network Admin
menu. Because a network shares one copy of each pluginÌtumọ̀ Yorùbá: ’s files, Upgrade
Pilot keeps one set of data for the whole network rather than one per subsite, which
also means it makes the same small number of requests to WordPress.org whether your
network has three sites or three hundred. Freezing a plugin holds its automatic 
updates across the network, since there is only one copy of the file.

### How do I get support?

Free support is the WordPress.org support forum for this plugin. I am one person,
and I read every thread.

Licence holders also get a private email channel with me, which is the right place
for anything you would rather not post in public: client site details, server configuration,
or a scan result that shouldnÌtumọ̀ Yorùbá: ’t be pasted into a forum. The address
is shown inside the plugin once a licence is active.

## Àwọn àgbéyẹ̀wò

![](https://secure.gravatar.com/avatar/a15f0c625a73a5e289c663f6e18a370bf506e379aa3b09f5a7c1323c595c706c?
s=60&d=retro&r=g)

### 󠀁[Big time saver](https://wordpress.org/support/topic/big-time-saver-46/)󠁿

 [fractalsamurai](https://profiles.wordpress.org/fractalsamurai/) Agẹmọ 17, 2026

Easy to set up and helps me deal with all my other plugins. Dev is responsive and
helpful. Thanks for a great plugin!

 [ Ka gbogbo àgbéyẹ̀wò 1 ](https://wordpress.org/support/plugin/upgrade-pilot/reviews/)

## Àwọn Olùkópa & Olùgbéejáde

“Upgrade Pilot” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa
sí plugin yìí.

Àwọn Olùkópa

 *   [ Luke W ](https://profiles.wordpress.org/lukeaxiomflow/)
 *   [ Freemius ](https://profiles.wordpress.org/freemius/)

[Túmọ̀ “Upgrade Pilot” sí èdè rẹ.](https://translate.wordpress.org/projects/wp-plugins/upgrade-pilot)

### Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?

[Ṣàwárí koodu](https://plugins.trac.wordpress.org/browser/upgrade-pilot/), ṣàyẹ̀wò
[ibi ìpamọ́ SVN](https://plugins.svn.wordpress.org/upgrade-pilot/), tàbí ṣe àgbékalẹ̀
sí [àkọsílẹ̀ ìdàgbàsókè](https://plugins.trac.wordpress.org/log/upgrade-pilot/) 
nípasẹ̀ [RSS](https://plugins.trac.wordpress.org/log/upgrade-pilot/?limit=100&mode=stop_on_copy&format=rss).

## Àkọsílẹ̀ àwọn àyípadà

#### 1.0.9

 * **Deactivating the plugin no longer opens the payment SDKÌtumọ̀ Yorùbá: ’s feedback
   dialog.** A submitted answer went to Freemius Ìtumọ̀ Yorùbá: – a fifth contact
   the External services list did not cover, including from users who had skipped
   the opt-in. It is switched off at the SDKÌtumọ̀ Yorùbá: ’s own `show_deactivation_feedback_form`
   filter; deactivation is one click and sends nothing. The External services list
   stays at four situations, and now it is exact.
 * **Three more remote references removed from the bundled pricing screen.** The
   SDKÌtumọ̀ Yorùbá: ’s pricing bundle could still (a) report pageviews to FreemiusÌtumọ̀
   Yorùbá: ’s Google Analytics property if an unrelated plugin had loaded GA into
   wp-admin, (b) fetch a loading-spinner image from FreemiusÌtumọ̀ Yorùbá: ’s CDN,
   and (c) load testimonial author photos from Gravatar. All three are stubbed out,
   the same way as the script injection removed in 1.0.6. Everything the pricing
   screen renders now comes from this pluginÌtumọ̀ Yorùbá: ’s own folder, unconditionally.
   All four SDK modifications are listed under “Source code”.
 * The menu item for the one Pro screen is now labelled “Reports & Automation (Pro)”,
   so it says what it is before you click it, not after.
 * The per-query annotations that explain this pluginÌtumọ̀ Yorùbá: ’s use of its
   own five tables now sit on the exact lines static analysis reads, so a reviewerÌtumọ̀
   Yorùbá: ’s Plugin Check report shows only what genuinely needs eyes. No query
   changed; the security-sniff rows are deliberately left visible.
 * The code scanner re-checks a fileÌtumọ̀ Yorùbá: ’s size at scan time and caps
   the read, so a file that grew after the queue was built cannot exhaust memory.
 * Settings are read with WordPressÌtumọ̀ Yorùbá: ’s canonical per-field pattern(
   functionally identical; every field was already validated).
 * Readme corrections: the WordPress.org API user-agent is stated version-agnostically(
   the text had gone stale at “1.0.5”; the code always sent the current version),
   the REST endpointÌtumọ̀ Yorùbá: ’s capability is stated exactly (administrators
   Ìtumọ̀ Yorùbá: – `manage_options`), the digest wording notes informational events
   stay in the UI, and the minified-files list gains `assets/js/nojquery.ba-postmessage.
   js`.

#### 1.0.8

 * The scan queueÌtumọ̀ Yorùbá: ’s bulk insert is now written inline inside `$wpdb-
   >prepare()` rather than assembled into a variable first. Functionally identical
   Ìtumọ̀ Yorùbá: – every value was always bound Ìtumọ̀ Yorùbá: – but the variable
   form made Plugin Check report a line that read like an SQL-injection finding,
   and that is not worth leaving in a security report, however safe it is.

#### 1.0.7

 * **Every claim made about the paid version is now checked against the free buildÌtumọ̀
   Yorùbá: ’s own code, in both directions.** Two of them described things the free
   version already does. Both are corrected.
 * _The re-scan._ The paid version was advertised as adding a choice of re-scan 
   frequencies, and the list of frequencies included the weekly one. The weekly 
   re-scan has always been part of the free version, and it is on by default. What
   Pro adds is running the scan daily or twice daily, and that is now all it claims.
 * _Running on a network._ The free version has always done this in full: network-
   wide storage, the Network Admin screens, and a freeze that holds across the whole
   network. It was nevertheless presented as something you had to pay for, which
   was not true. What Pro adds on a network is the Network Overview screen Ìtumọ̀
   Yorùbá: – every subsiteÌtumọ̀ Yorùbá: ’s status on one page, and which of your
   sites run a given plugin Ìtumọ̀ Yorùbá: – and that is now all it claims.
 * _The digest email._ Narrowed. The free version already emails the site administrator
   a daily digest of what changed. What Pro adds is sending the readiness summary
   to other people, on a schedule you choose, with delivery-failure reporting.
 * _The freeze._ Narrowed. Freezing a plugin by hand is free. What Pro adds is doing
   it automatically, on a policy.
 * The “Reports & Automation” screen now shows **both** lists side by side: what
   Pro adds, and the complete list of what you already have. A page that lists only
   what you could buy, and never what you already own, is how a plugin ends up implying
   you must pay for something that was already given to you.

#### 1.0.6

 * **No third-party scripts in your dashboard.** The payment SDKÌtumọ̀ Yorùbá: ’
   s bundled pricing script was injecting two remote scripts into wp-admin whenever
   the Upgrade screen rendered: Google Analytics (`www.google-analytics.com/analytics.
   js`) and a checkout library (`checkout.freemius.com/checkout.js`). The analytics
   one loaded even for people who had explicitly skipped the opt-in, which is exactly
   the person who has said they do not want to be tracked. Both are gone. Found 
   by loading every one of the pluginÌtumọ̀ Yorùbá: ’s screens in a real browser
   and reading the network log, rather than by reading the PHP Ìtumọ̀ Yorùbá: – 
   the previous audit logged only what the _server_ sent, and a script the _browser_
   is told to fetch is invisible to that. Every admin screen this plugin can show
   now makes zero third-party requests.
 * **No more trial nag.** The SDK raised a site-wide notice a day after activation
   offering a trial, and raised it again every thirty days. It is now switched off
   at the SDKÌtumọ̀ Yorùbá: ’s own `show_trial` filter. The only place this plugin
   mentions Pro is the Reports & Automation screen, which you only see if you click
   it.
 * The security notice shown when you have frozen a plugin that turns out to be 
   closed for a security issue is now dismissible, as well as disappearing by itself
   once you unfreeze or remove the plugin.
 * Documented where the SDKÌtumọ̀ Yorùbá: ’s minified files come from, and listed
   their source repositories, under a new “Source code” heading.
 * Fixed the translation template. It still described a screen that no longer exists
   Ìtumọ̀ Yorùbá: – the licence-gated version of Reports & Automation that was removed
   in 1.0.5 Ìtumọ̀ Yorùbá: – so several strings the plugin actually shows could 
   not be translated, and several it does not show could be.
 * Corrected the WordPress.org entry in External services, which linked to the privacy
   policy twice and called one of them terms of use. Added the request budget: plugin
   lookups are batched, so a 40-plugin site makes one plugin request a day, not 
   forty.

#### 1.0.5

 * The machine-readable export is now free and ungated. `wp upgrade-pilot scan --
   format=json` previously refused to emit JSON unless a Pro-only filter switched
   it on, even though the report had already been assembled locally a few lines 
   earlier. That gate is gone. The report is encoded and returned, for everyone.
 * `wp upgrade-pilot report` now accepts `--format=json` too. Previously only `scan`
   took a format, which meant the only way to get JSON was to re-run a full scan.
 * In JSON mode the progress messages are suppressed, so `wp upgrade-pilot scan --
   format=json | jq .` parses. They previously shared STDOUT with the payload.
 * The REST endpoint `GET /wp-json/upgrade-pilot/v1/report` is now part of the free
   version. It returns the same document as the CLI, over one shared schema (`upgrade-
   pilot/report@1`). It is protected by the same capability check as the admin screens:
   any user who can manage plugins can read it, and an anonymous request is refused.
 * Removed the last licence check from the pluginÌtumọ̀ Yorùbá: ’s own code. The“
   Reports & Automation” screen no longer asks the payment SDK anything at all; 
   it describes what Pro adds and links to pricing.
 * Completed the External services disclosure for the checkout. Going to checkout
   sends Freemius your WordPress administrator email address, filled in for you 
   without you typing it Ìtumọ̀ Yorùbá: – that is now stated plainly. The checkout
   page also loads PayPal and Google Tag Manager, which the previous text did not
   mention; it named only Stripe. Found by logging every request and reconciling
   the log against the readme in both directions.

#### 1.0.4

 * Rewrote the External services section from a measured log of every request the
   plugin actually makes, rather than from memory, including what was verified NOT
   to happen.

#### 1.0.3

 * The pluginÌtumọ̀ Yorùbá: ’s own page and the authorÌtumọ̀ Yorùbá: ’s page now
   have separate URLs in the plugin header, as WordPress.org requires.

#### 1.0.2

 * External services now discloses that the “Contact Us” menu item opens FreemiusÌtumọ̀
   Yorùbá: ’s hosted support form, and that the link carries your site URL and WordPress
   login URL.

#### 1.0.1

 * Clearer instructions for licence and trial holders on how to install the Pro 
   version.

#### 1.0.0

 * Initial release: daily update-trust monitoring (author and contributor changes,
   closures with the reason given), per-plugin automatic-update freeze, upgrade 
   readiness report (server checks plus a WordPress.org cross-reference of every
   plugin and theme, including abandonment scoring), time-sliced static PHP compatibility
   scanner with fact and advisory tiering, Site Health tests, dashboard widget, 
   email alerts and digest, weekly re-scan, WP-CLI.

## Àkójọpọ̀ Meta

 *  Ẹ̀yà **1.0.9**
 *  Ìgbàgbọ́hùn tó kẹ́yìn **wákàtí 21 sẹ́yìn**
 *  Àwọn ìgbéwọlẹ̀ tó ṣiṣẹ́ **Tó kéré sí 10**
 *  Ẹ̀yà WordPress ** 6.2 tàbí ju bẹ́ẹ̀ lọ **
 *  Dánwò dé **7.0.2**
 *  Ẹ̀yà PHP ** 7.4 tàbí ju bẹ́ẹ̀ lọ **
 *  Èdè
 * [English (US)](https://wordpress.org/plugins/upgrade-pilot/)
 * Àwọn àmì
 * [abandoned plugins](https://yor.wordpress.org/plugins/tags/abandoned-plugins/)
   [php compatibility](https://yor.wordpress.org/plugins/tags/php-compatibility/)
   [plugin security](https://yor.wordpress.org/plugins/tags/plugin-security/)[supply chain](https://yor.wordpress.org/plugins/tags/supply-chain/)
   [updates](https://yor.wordpress.org/plugins/tags/updates/)
 *  [Ìwòye Tó Péye](https://yor.wordpress.org/plugins/upgrade-pilot/advanced/)

## Àwọn ìbò

 5 lára àwọn ìràwọ̀ 5.

 *  [  1 5-star review     ](https://wordpress.org/support/plugin/upgrade-pilot/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/upgrade-pilot/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/upgrade-pilot/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/upgrade-pilot/reviews/?filter=2)
 *  [  0 1-star reviews     ](https://wordpress.org/support/plugin/upgrade-pilot/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/upgrade-pilot/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/upgrade-pilot/reviews/)

## Àwọn Olùkópa

 *   [ Luke W ](https://profiles.wordpress.org/lukeaxiomflow/)
 *   [ Freemius ](https://profiles.wordpress.org/freemius/)

## Ìrànlọ́wọ́

Nǹkan wà tí o fẹ́ sọ? Ṣé o nílò ìrànlọ́wọ́?

 [Wo àpéjọ ìrànlọ́wọ́](https://wordpress.org/support/plugin/upgrade-pilot/)