WP Debug Toolkit's version 1.1.0 Beta 1 is our biggest update yet, bringing a full Query Logger, a new email notification system, and a major round of security hardening for the standalone viewer.

• New: Viewer permissions health check with repair button in Site Health
• Fix: Directory permission issues on restrictive servers (umask handling)
• New: Query Logger - Real-time database query monitoring with slow query detection and performance metrics
• New: Database query error logging with detailed error messages and filtering
• New: N+1 Query Detection - Automatically identifies and highlights repeated queries with aggregate statistics
• New: Query export to CSV, JSON, and TSV formats with accurate component attribution
• New: Dynamic query statistics that recalculate based on active filters
• New: PHP memory limit management (writes to wp-config.php)
• New: Upload limit controls via WordPress filters
• New: Automatic log cleanup with delete/archive/truncate methods, size limits, and age-based rotation
• New: Settings UI redesign
• Security: Password protection now mandatory for viewer
• Security: SQLite-based rate limiting with progressive brute-force protection (5s > 30s > 5min > 30min > 1hr > 24hr lockout)
• Security: Enhanced session security with 30-minute timeout and IP binding
• Security: Strengthened path traversal prevention with expanded blocklist
• Security: Replaced exec() command with token_get_all() for PHP syntax validation
• Security: Fixed wp-config.php case-sensitivity bypass vulnerability in viewer
• Security: Added protection for secure-debug.php (GridPane compatibility)
• Improved: Redesigned crash recovery system with cleaner UI and granular plugin/theme controls
• Improved: License management moved to Settings page
• Improved: Enhanced output buffer management
• Added: Custom file paths configuration
• Added: Error level selection in Settings
• Added: Cache busting mechanisms in Admin and Viewer App
• Added: WordPress internationalization (wp-i18n) support
• Added: Partner discounts page
• Added: Psalm static analysis with type hints throughout the codebase
• Improved: Better type safety and code quality across PHP and React code
• Fixed: Viewer installation on hosts where WordPress files are in subfolders
• Fixed: Path validation now supports relative paths securely
• Fixed: Health check now properly loads WordPress admin functions
• Fixed: Admin CSS isolation prevents conflicts with other plugins
• Fixed: Compatibility with UiPress Lite and WP Dark Mode
• New: Email notification system for error alerts with customizable templates
• New: Modular licensing system with grandfathered benefits for early adopters
• Improved: Viewer installer wizard with step-by-step guidance
• Improved: Targeted cache clearing (only clears plugin-specific transients instead of full cache flush)
• Security: Scoped CORS headers to plugin endpoints only
• Fixed: wp-config.php duplicate constants when reinstalling viewer

• WP_DEBUG stays on for GridPane: GridPane depends on WP_DEBUG being true. Deactivating the plugin will no longer flip it off or remove the wrapped define() block that their secure-debug.php loader expects.
• Cleaner constant removal: the deactivator now detects and removes wrapped if ( ! defined() ) { … } blocks, preventing leftover braces or syntax errors when rolling back to the original configuration.

• GridPane support: We now detect secure-debug.php, locate the right configuration file automatically, and respect GridPane-specific log locations (including /logs/debug.log).
• Smarter constant management: Activating or tweaking settings updates the correct define() calls even if they are wrapped in if ( ! defined() ) blocks.
• Viewer bootstrap fixes: ABSPATH resolution is now robust when the viewer is copied to different directories.