Kistn API Client

Description

Collects installed plugins, themes, and WordPress core, then pushes inventory to your Kistn server for centralized vulnerability monitoring.

Push flow:

  1. Preflight — asks the server which slugs need a fresh advisory check and which are known-private.
  2. Hash check — skips push if inventory unchanged.
  3. WPScan lookup — queries the WPScan vulnerability database only for stale, non-private slugs.
  4. Push — sends packages, vulnerability findings, advisory snapshots, and any newly-discovered private slugs.

Private packages (those absent from the WPScan database) are tracked server-side so subsequent runs never waste WPScan quota on them. When the server later confirms a package is public, the project owner is notified.

Configuration via Settings Kistn, or via constants in wp-config.php:

define( ‘KISTN_BASE_URL’, ‘https://your-server.example.com’ );
define( ‘KISTN_PROJECT_ID’, ‘your-project-uuid’ );
define( ‘KISTN_TOKEN’, ‘your-api-token’ );
define( ‘KISTN_WPSCAN_TOKEN’, ‘your-wpscan-api-token’ ); // optional, enables vulnerability lookups

External services

This plugin can connect to WPScan API to obtain latest security information about your installation. Use of this feature is optional. To use this feature, you need a WPScan account and your own API token.

When the feature is used, this plugin sends information about installed WordPress core, plugins and themes to retrieve latest security advisories about your installed components. The service is provided by “WPScan”: https://wpscan.com/terms/, https://automattic.com/privacy/.

Installation

  1. In your WordPress admin, go to Plugins Add New, search for “Kistn API Client”, install and activate.
  2. Alternatively, upload the plugin ZIP via Plugins Add New Upload Plugin, then activate.
  3. Alternatively, via Composer: composer require kistn/wp-client, then activate as usual.
  4. Go to Settings Kistn and configure your API credentials.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Kistn API Client” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Kistn API Client” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.1

  • Fix: WPScan requests now pause until the next day (site timezone) after hitting the 429 rate limit, instead of retrying every remaining slug in the same run.
  • Change: The Push Interval field is now hidden when Schedule Mode is set to WP-CLI only (it doesn’t apply to that mode).
  • Change: Renamed the WP-CLI command from wp inventory push to wp kistn push.
  • Change: Added an example placeholder to the API Base URL field.
  • Docs: Documented WordPress-plugin-repository installation as the primary install method.
  • Change: The server-crontab hint under Settings Kistn now toggles live when Schedule Mode is switched, instead of only appearing after a save.
  • Docs: Documented Composer installation option (composer require kistn/wp-client) in README.md and readme.txt.

1.0.0

  • Initial release.