kistn/wp-client
Composer 安装命令:
composer require kistn/wp-client
包简介
WordPress plugin for the Kistn API
README 文档
README
WordPress plugin client for the Kistn API. Collects installed plugins, themes, and WordPress core, then pushes inventory for centralized vulnerability monitoring.
Requirements
- WordPress 6.0+
- PHP 8.3+
- WPScan API token (optional — enables vulnerability lookups)
Installation
Automatic installation via WordPress plugins
Login to your WordPress backend, navigate to Plugins → Add New and search for "kistn". When the plugin "Kistn API Client" appears, click install. After installation click activate to activate the plugin.
Manual installation
Download the current release from the WordPress plugin repository or from the releases page and upload the plugin ZIP via Plugins → Add New → Upload Plugin, then activate.
Via Composer
composer require kistn/wp-client
Then activate the plugin as usual via Plugins in your WordPress admin.
Configuration
Settings page: Settings → Kistn
Or constants in wp-config.php:
define( 'KISTN_BASE_URL', 'https://your-server.example.com' ); define( 'KISTN_PROJECT_ID', 'your-project-uuid' ); define( 'KISTN_TOKEN', 'your-api-token' ); define( 'KISTN_WPSCAN_TOKEN', 'your-wpscan-api-token' ); // optional
Constants take precedence over settings-page values.
Push Flow
Each run (scheduled or CLI):
- Preflight —
POST /preflight/wp— server returns stale slugs, cached advisory payloads, and known-private slugs. - Hash check —
GET /hashesfor all ecosystems; compare each locally; skip push if all unchanged. - WPScan lookup — query WPScan only for stale, non-private slugs. Slugs returning 404 are reported as
private_packages. - Push —
POST /inventorybundled:{"ecosystems": {"wp-plugin": {...}, "wp-theme": {...}, "wp-core": {...}}}— only ecosystems that changed.
CLI
wp kistn push
What gets collected
| Collector | Source |
|---|---|
Kistn_Plugin_Collector |
Active and inactive plugins |
Kistn_Theme_Collector |
Active theme + parent (child themes flagged is_child=true) |
Kistn_Core_Collector |
WordPress core version |
Packages without a source_url (no WordPress.org listing) are inferred as private without querying WPScan.
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 3
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-07-09