No description
- PHP 94.9%
- CSS 3.2%
- JavaScript 1.9%
| assets | ||
| includes | ||
| languages | ||
| vendor | ||
| changelog.txt | ||
| LICENSE | ||
| readme.txt | ||
| robotstxt-mediaaudit.php | ||
| robotstxt-updater.php | ||
| uninstall.php | ||
=== Media Audit (by ROBOTSTXT) === Contributors: javiercasares, robotstxt Tags: media, copyright, images, reverse image search, media library Requires at least: 5.3 Tested up to: 7.0 Requires PHP: 8.0 Requires Plugins: action-scheduler Stable tag: 1.7.1 License: GPL-3.0-or-later License URI: https://www.gnu.org/licenses/gpl-3.0.txt Audit your media library for copyright risks: track internal usage, run reverse image search via Google Vision, TinEye, and PicDefense, and classify results against configurable alert and ignored hostname lists. == Description == Media Audit helps site owners and editors understand where their media files are used and whether those files appear elsewhere on the internet — a key signal for detecting potential copyright violations. = Features = * **Internal usage scan** — identifies every post, page, and custom post type that references each attachment as featured image, inline content, or post meta. * **External reverse image search** — submits images to Google Cloud Vision (Web Detection) and TinEye Commercial API to find matching pages across the web. * **Consensus detection** — surfaces domains independently confirmed by multiple providers, providing stronger copyright-risk signals. * **Audit list** — filterable admin page showing each attachment's external scan status, alert classification, and top matching domains. * **Alert management** — dedicated Alerts page to review active copyright-risk alerts and dismiss false positives with optional notes. Dismissed alerts are tracked separately and can be reactivated at any time. * **WP-CLI support** — run or schedule scans from the command line. * **GDPR compliance** — full WordPress privacy API integration for personal data export and erasure on request. * **Async processing** — all scanning runs via Action Scheduler to avoid blocking web requests. = Requirements = * [Action Scheduler](https://actionscheduler.org/) plugin (declared as a required dependency). * Google Cloud Vision API key (for Web Detection scanning). * TinEye Commercial API key (for reverse image search). == Using the plugin == = WP-CLI = Install tables manually (normally handled on activation): wp mra install Show current index and scan status: wp mra status Run an internal usage scan (queues a batch): wp mra scan-internal [--batch=<n>] Run an external reverse image search (queues a batch): wp mra scan-external [--batch=<n>] = Extension hooks = * `mra/internal/scanner/post_types` — filter the post types included in the internal usage scan. * `mra/internal/scanner/meta_keys` — filter the meta keys inspected during the internal scan. * `mra/external/providers` — register additional external scan providers. == Installation == = Automatic download = Visit the plugin section in your WordPress admin, search for "Media Audit"; download and install the plugin. = Manual download = Extract the contents of the ZIP and upload the folder to `/wp-content/plugins/robotstxt-mediaaudit/`. Once uploaded it will appear in your plugin list. After activation, visit **Media Audit → Settings** to enter your API credentials. == Frequently Asked Questions == = Do I need both Google Vision and TinEye keys? = No. The plugin works with either provider configured. Results will only be collected from providers with a valid API key. = Will scanning slow down my site? = No. All scans are queued and processed asynchronously by Action Scheduler in small batches. = What is consensus detection? = When the same domain appears independently in both Google Vision and TinEye results for the same image, it is flagged as a consensus match — a stronger copyright-risk signal than a single-provider finding. = Is data deleted when I uninstall? = By default, no. Enable **Settings → Delete data on uninstall** if you want all plugin tables and options removed on uninstall. == Compatibility == * WordPress: 6.8 - 7.0 * PHP: 8.2 - 8.4 * WP-CLI: 2.x * Requires Plugins: action-scheduler == Changelog == Only the 3 latest versions. The full changelog is in [changelog.txt](changelog.txt). = 1.6.0 = * Settings page reorganised into four tabs: General, API Credentials, Filters, External Scanning. * New Filters tab: configurable Alert Hostnames and Ignored Hostnames lists with wildcard support (`*.example.com`), auto-normalization (strips scheme/path/port/www., deduplicates, sorts), and default pre-populated lists (60 alert domains, 56 ignored domains) seeded on first activation. * New "Alert" status filter in the audit list and alert badge in the External Status column. * Dashboard stats: new "Alert" card showing attachments with at least one alert domain match. * Quick-view modal: ignored domains filtered out; alert domains highlighted with a status badge. * Full Report detail page: external results split into three sections — Alert, Other, and Ignored domains. * Unified CSV export replacing separate internal/external exports: "Export CSV" (all) and "Export CSV (Alerts only)", one row per attachment with all internal and external data including per-provider match counts and classified domain lists. * "Media Audit" admin menu repositioned immediately below the built-in Media menu. = 1.5.0 = * Added PicDefense as a third external scan provider: POST-based reverse image search with risk classification (high/medium/low), backlinks with similarity scores, risk flags (face/logo/landmark/stock/EXIF copyright), and label detection. * Full Report page now shows PicDefense results with picRisk badge, risk flags list, backlinks table sorted by similarity score, and detected labels. * Audit list modal shows picRisk badge inline next to the PicDefense match count. = 1.4.0 = * Added full attachment detail page (Media Audit → Full Report) showing all raw external scan data: Google Vision pages/full/partial matches with clickable URLs; TinEye backlinks with page URL, image URL, and crawl date sorted newest-first. * Fixed `rate_limit_per_minute` setting having no effect — providers were ignoring it and using a hardcoded value of 10. * Fixed `external_batch_size` setting being ignored by Action Scheduler batch processing. * Fixed TinEye domain extraction using the image CDN URL instead of the webpage URL (API field `backlink`, not `url`). = 1.2.0 = * Added browser-based AJAX scan runner in the Tools page (runs without WP-Cron or Action Scheduler). * Added "Requeue scan errors" operation to retry failed external scans after fixing API key issues. * Added "Last Scanned" column in the audit list, sortable with NULLs-last ordering. * Added bulk action to export external scan results as a CSV file. = 1.1.0 = * Updated plugin URI, author, and contributor metadata. = 1.0.0 = * First stable release. Internal usage scanning, external reverse image search (Google Vision + TinEye), consensus detection, WP-CLI commands, GDPR privacy tools, and Spanish/Catalan translations. = Previous versions = See [changelog.txt](changelog.txt) for the full history. == Compliance == This plugin adheres to the following security measures and review protocols for each version: * [WordPress Plugin Handbook](https://developer.wordpress.org/plugins/) * [WordPress Plugin Security](https://developer.wordpress.org/plugins/wordpress-org/plugin-security/) * [WordPress APIs Security](https://developer.wordpress.org/apis/security/) * [WordPress Coding Standards](https://github.com/WordPress/WordPress-Coding-Standards) * [Plugin Check (PCP)](https://wordpress.org/plugins/plugin-check/)