WP Debug Toolkit's version 1.1.0 Beta 1 is our biggest update yet, bringing a full Query Logger, a new email notification system, and a major round of security hardening for the standalone viewer. 

Highlights

• Query Logger — Real-time database query monitoring with slow query detection, N+1 identification, per-component performance breakdowns, and encrypted logs at rest.
• WP-CLI commands — Manage debug settings, the standalone viewer, license activation, and log files entirely from the terminal (wp dbtk).
• Automatic log cleanup — Configurable delete, archive, or truncate strategies with size limits and age-based rotation.
• Security hardened viewer — Mandatory password protection, SQLite-backed rate limiting with progressive lockout, session timeouts with IP binding, and expanded path traversal prevention.

New From Beta: 

• New: WP-CLI commands for license activation, debug toggling, viewer setup, and log management (wp dbtk)
• Improved: Production and performance warnings in setup wizard for debug mode and query logging
• Improved: "Install without tools" option to set up the viewer without enabling debugging tools
• Security: Query logs encrypted at rest
• Security: Restricted wp-config backup file permissions
• Security: Hardened viewer config and auth files against direct access
• Security: Expanded viewer blocked files list with additional sensitive file patterns
• Security: Added directory listing protection for query log storage
• Improved: Setup wizard defaults tools to disabled — users opt in consciously
• Fix: Query Viewer tail reader no longer returns 0 entries on huge final log line

Full Changelog

• New: Query Logger with real-time database query monitoring and slow query detection
• New: Query Statistics Dashboard with visual performance breakdowns
• New: N+1 query detection with aggregate statistics
• New: Database query error logging with filtering
• New: Query export to CSV, JSON, and TSV formats
• New: Dynamic query statistics that recalculate based on active filters
• New: WP-CLI commands for debug, license, viewer, log, and query-log management (wp dbtk)
• New: Automatic log cleanup with delete/archive/truncate strategies and age-based rotation
• New: PHP memory limit management in Settings
• New: Upload limit controls via WordPress filters
• New: Viewer permissions health check with repair button in Site Health
• New: Email notification system for error alerts with customizable templates
• New: Modular licensing system with grandfathered benefits
• New: Viewer settings for query dashboard limit, tail scan MB, max entry MB
• New: Partner discounts page
• Added: Custom file paths configuration (DBTK_CONFIG_PATH, DBTK_LOG_PATH)
• Added: Error level selection (Debug, Info, Warning, Error)
• Added: Cache busting in Admin and Viewer apps
• Added: WordPress i18n support
• Added: Psalm static analysis with type hints
• Security: Query logs encrypted at rest
• Security: Mandatory password protection for viewer (8-character minimum)
• Security: SQLite-based rate limiting with progressive brute-force protection
• Security: Enhanced session security with 30-minute timeout and IP binding
• Security: Strengthened path traversal prevention with expanded blocklist
• Security: Replaced exec() with token_get_all() for PHP syntax validation
• Security: Fixed wp-config.php case-sensitivity bypass in viewer
• Security: Added protection for secure-debug.php (GridPane)
• Security: Scoped CORS headers to plugin endpoints only
• Security: Restricted wp-config backup file permissions
• Security: Hardened viewer config and auth files against direct access
• Security: Expanded viewer blocked files list with additional sensitive file patterns
• Security: Added directory listing protection for query log storage
• Improved: Settings UI redesign with tabbed interface
• Improved: Redesigned crash recovery with granular plugin/theme controls
• Improved: Viewer installer wizard with step-by-step guidance
• Improved: Setup wizard defaults tools to disabled — users opt in consciously
• Improved: Production and performance warnings in setup wizard for debug mode and query logging
• Improved: "Install without tools" option to set up the viewer without enabling debugging tools
• Improved: License management moved to Settings page
• Improved: Enhanced output buffer management
• Improved: Targeted cache clearing (plugin transients only)
• Improved: Better type safety and code quality across PHP and React
• Fix: Query Viewer tail reader no longer returns 0 entries on huge final log line
• Fix: Viewer auth rate limiter fallback when PDO SQLite is unavailable
• Fix: Directory permission issues on restrictive servers (umask handling)
• Fix: Viewer installation on hosts with WordPress in subfolders
• Fix: Path validation supports relative paths securely
• Fix: Health check properly loads WordPress admin functions
• Fix: Admin CSS isolation prevents conflicts with other plugins
• Fix: Compatibility with UiPress Lite and WP Dark Mode
• Fix: wp-config.php duplicate constants when reinstalling viewer

WP Debug Toolkit's version 1.1.0 Beta 1 is our biggest update yet, bringing a full Query Logger, a new email notification system, and a major round of security hardening for the standalone viewer.

• New: Viewer permissions health check with repair button in Site Health
• Fix: Directory permission issues on restrictive servers (umask handling)
• New: Query Logger - Real-time database query monitoring with slow query detection and performance metrics
• New: Database query error logging with detailed error messages and filtering
• New: N+1 Query Detection - Automatically identifies and highlights repeated queries with aggregate statistics
• New: Query export to CSV, JSON, and TSV formats with accurate component attribution
• New: Dynamic query statistics that recalculate based on active filters
• New: PHP memory limit management (writes to wp-config.php)
• New: Upload limit controls via WordPress filters
• New: Automatic log cleanup with delete/archive/truncate methods, size limits, and age-based rotation
• New: Settings UI redesign
• Security: Password protection now mandatory for viewer
• Security: SQLite-based rate limiting with progressive brute-force protection (5s > 30s > 5min > 30min > 1hr > 24hr lockout)
• Security: Enhanced session security with 30-minute timeout and IP binding
• Security: Strengthened path traversal prevention with expanded blocklist
• Security: Replaced exec() command with token_get_all() for PHP syntax validation
• Security: Fixed wp-config.php case-sensitivity bypass vulnerability in viewer
• Security: Added protection for secure-debug.php (GridPane compatibility)
• Improved: Redesigned crash recovery system with cleaner UI and granular plugin/theme controls
• Improved: License management moved to Settings page
• Improved: Enhanced output buffer management
• Added: Custom file paths configuration
• Added: Error level selection in Settings
• Added: Cache busting mechanisms in Admin and Viewer App
• Added: WordPress internationalization (wp-i18n) support
• Added: Partner discounts page
• Added: Psalm static analysis with type hints throughout the codebase
• Improved: Better type safety and code quality across PHP and React code
• Fixed: Viewer installation on hosts where WordPress files are in subfolders
• Fixed: Path validation now supports relative paths securely
• Fixed: Health check now properly loads WordPress admin functions
• Fixed: Admin CSS isolation prevents conflicts with other plugins
• Fixed: Compatibility with UiPress Lite and WP Dark Mode
• New: Email notification system for error alerts with customizable templates
• New: Modular licensing system with grandfathered benefits for early adopters
• Improved: Viewer installer wizard with step-by-step guidance
• Improved: Targeted cache clearing (only clears plugin-specific transients instead of full cache flush)
• Security: Scoped CORS headers to plugin endpoints only
• Fixed: wp-config.php duplicate constants when reinstalling viewer

• WP_DEBUG stays on for GridPane: GridPane depends on WP_DEBUG being true. Deactivating the plugin will no longer flip it off or remove the wrapped define() block that their secure-debug.php loader expects.
• Cleaner constant removal: the deactivator now detects and removes wrapped if ( ! defined() ) { … } blocks, preventing leftover braces or syntax errors when rolling back to the original configuration.

• GridPane support: We now detect secure-debug.php, locate the right configuration file automatically, and respect GridPane-specific log locations (including /logs/debug.log).
• Smarter constant management: Activating or tweaking settings updates the correct define() calls even if they are wrapped in if ( ! defined() ) blocks.
• Viewer bootstrap fixes: ABSPATH resolution is now robust when the viewer is copied to different directories.