WordPress.org
Get WordPress

Plugin Directory

Changeset 3485089


Ignore:
Timestamp:
03/17/2026 08:46:48 PM (2 weeks ago)
Author:
mtnviewpro
Message:

Fixed verification badge text ("Verified") appearing as plain text in search engine title tags when Yoast SEO (and other SEO plugins) are active. SEO plugins call get_the_title() while building the <title> tag before wp_head completes; the badge HTML was being appended, stripped of its tags, and indexed as part of the post title. Badge now only injects after wp_head has fired, ensuring it renders in the page body only and is never seen by search engines.

Location:
archiviomd
Files:
51 added
3 edited

Legend:

Unmodified
Added
Removed

  • archiviomd/trunk/includes/class-archivio-post.php

    r3476082 r3485089  
    635635    public function maybe_display_title_badge( $title, $post_id = null ) {
    636636        if ( ! is_singular() || ! in_the_loop() || ! is_main_query() ) {
     637            return $title;
     638        }
     639
     640        // Yoast SEO (and other SEO plugins) call get_the_title() while building
     641        // the <title> tag, before wp_head completes. Without this guard the badge
     642        // HTML gets appended, Yoast strips the tags, and "Verified" appears as
     643        // plain text in the title Google indexes. Only inject the badge once the
     644        // <head> has fully fired so it only ever renders in the page body.
     645        if ( ! did_action( 'wp_head' ) ) {
    637646            return $title;
    638647        }

  • archiviomd/trunk/meta-documentation-seo-manager.php

    r3480755 r3485089  
    44 * Plugin URI: https://mountainviewprovisions.com/ArchivioMD
    55 * Description: Manage meta-docs, SEO files, and sitemaps with audit tools and HTML-rendered Markdown support.
    6  * Version: 1.19.0
     6 * Version: 1.19.1
    77 * Author: Mountain View Provisions LLC
    88 * Author URI: https://mountainviewprovisions.com/
     
    2020
    2121// Define plugin constants
    22 define('MDSM_VERSION', '1.19.0');
     22define('MDSM_VERSION', '1.19.1');
    2323define('MDSM_PLUGIN_DIR', plugin_dir_path(__FILE__));
    2424define('MDSM_PLUGIN_URL', plugin_dir_url(__FILE__));

  • archiviomd/trunk/readme.txt

    r3480755 r3485089  
    11=== ArchivioMD ===
    2 Contributors: mountainviewprovisions
     2Contributors: mtnviewpro
    33Tags: security, compliance, cryptography, content-integrity, digital-signature
    44Requires at least: 5.0
    55Tested up to: 6.9
    6 Stable tag: 1.19.0
     6Stable tag: 1.19.1
    77Requires PHP: 7.4
    88License: GPLv2 or later
    99License URI: https://www.gnu.org/licenses/gpl-2.0.html
    1010
    11 Cryptographic content integrity for WordPress — hashing, multi-algorithm signing, RFC 3161 timestamps, Rekor transparency log, DANE corroboration, steganographic fingerprinting, and compliance exports.
     11Cryptographic content integrity for WordPress — hashing, signing, RFC 3161 timestamps, Rekor transparency log, and DANE corroboration.
    1212
    1313== Description ==
     
    215215== Changelog ==
    216216
     217= 1.19.1 =
     218* Fixed verification badge text ("Verified") appearing as plain text in search engine title tags when Yoast SEO (and other SEO plugins) are active. SEO plugins call `get_the_title()` while building the `<title>` tag before `wp_head` completes; the badge HTML was being appended, stripped of its tags, and indexed as part of the post title. Badge now only injects after `wp_head` has fired, ensuring it renders in the page body only and is never seen by search engines.
     219
    217220= 1.19.0 =
    218221* Fixed custom markdown files returning 404. WordPress rewrite rules now register routes for both the root path and the `/.well-known/meta-docs/` path, which is where the file manager stores custom files by default. Previously only the root-level route was registered, so any request to the `.well-known` path fell through to a 404.
     
    221224* Hardened REST API verification endpoint: added per-IP rate limiting (60 req/min), restricted URL resolution to the site's own domain to prevent cross-origin post enumeration, replaced table-name SQL interpolation with a whitelisted identifier check, changed `Cache-Control` on `/verify` from `public` to `private` to prevent shared-proxy caching of verification status, and reduced `/status` cache TTL to prevent stale feature-flag disclosure.
    222225
    223 = 1.19.0 =
    224 * Added support for Browser Extention Verifcation - Chrome & Firefox and Python Script Support`.
     226= 1.17.4 =
     227* Fixed version mismatch: plugin header `Version` and `MDSM_VERSION` constant were stuck at 1.16.0 across the 1.17.x release series. Both now correctly read 1.17.4 and match the readme `Stable tag`.
    225228
    226229= 1.17.3 =
     
    301304== Upgrade Notice ==
    302305
     306= 1.19.1 =
     307Fixes verification badge text appearing in search engine title tags when Yoast SEO or other SEO plugins are active. Recommended for all users. No configuration changes required.
     308
    303309= 1.19.0 =
    304310Fixes custom markdown files returning 404 (`.well-known/meta-docs/` routing), unreliable rewrite flush after AJAX file creation, and REST endpoint security hardening. Recommended for all users. No configuration changes required.
     
    321327= 1.13.1 =
    322328Security hardening for Canary Tokens: SSRF fix, rate limiter bypass fix, evidence receipt integrity fix, ReDoS fix, and removal of `sslverify => false`. Upgrade recommended for all sites using Canary Tokens.
    323 
    324 = 1.13.0 =
    325 Adds two CDN-proof structural fingerprinting channels, cache compatibility improvements, REST endpoint renaming, and wp_options key obfuscation. Option keys migrated automatically on first load — no administrator action required.
Note: See TracChangeset for help on using the changeset viewer.