Security
Built to protect what you’ve built.
Plugins that touch your site at scale carry real risk. Spatz SEO is built modern (PHP 8.1+, PSR-4, prepared statements throughout, libsodium-encrypted secrets) and ships with the safety rails most plugins skip: every AI write is logged and revertible, rate limited, with daily spend caps and explicit confirmation on destructive operations.
Your API key — encrypted, not stored in the clear
libsodium authenticated encryption.
Most WordPress plugins that ask for an API key store it in wp_options in plaintext. If your database is ever dumped — backup mishap, hosting compromise, exposed phpMyAdmin — the key is just sitting there for the taking. Spatz SEO doesn’t do that.
How it works
- Encrypted at rest with libsodium’s sodium_crypto_secretbox — XSalsa20 + Poly1305 authenticated encryption. Tamper-detected, not just obscured.
- Falls back to AES-256-GCM via OpenSSL when libsodium isn’t available — still authenticated, still industry-standard.
- Encryption key is derived from your wp-config.php AUTH_KEY plus a per-install random 32-byte salt via SHA-256.
- An attacker needs BOTH a database dump AND wp-config.php access to decrypt. A database leak alone gives them nothing useful.
- Stored with autoload=no — the key isn’t loaded into memory on every WordPress request, only when AI features are actually used.
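The scheme in the list above, sketched as an added example (not Spatz SEO's own code): a SHA-256-derived key, secretbox encryption, and what decryption returns after tampering or without AUTH_KEY. The function names, the AUTH_KEY-then-salt concatenation order, the base64(nonce + ciphertext) storage format, and the salt being stored in the database are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not Spatz SEO source. Function names, the AUTH_KEY . salt
// order and the base64(nonce . ciphertext) storage format are assumptions.

function example_derive_key(string $authKey, string $salt): string
{
    if (strlen($salt) !== 32) {
        throw new InvalidArgumentException('salt must be 32 bytes');
    }
    // Raw SHA-256 output is 32 bytes, the size secretbox requires for its key.
    return hash('sha256', $authKey . $salt, true);
}

function example_encrypt(string $plaintext, string $key): string
{
    // Fresh random 24-byte nonce per encryption; not secret, stored with the box.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function example_decrypt(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Returns false when the Poly1305 tag does not verify (tampering or wrong key).
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Constructed sample values, not real secrets.
$salt   = random_bytes(32);
$key    = example_derive_key('constructed-AUTH_KEY-value', $salt);
$stored = example_encrypt('sk-ant-constructed-sample', $key);
var_dump(example_decrypt($stored, $key));          // round trip with the right key

// Flip one bit of the stored blob: authentication fails and nothing is returned.
$raw = base64_decode($stored);
$raw[-1] = chr(ord($raw[-1]) ^ 1);
var_dump(example_decrypt(base64_encode($raw), $key));

// Database-only view: $stored and (assumed) $salt are known, AUTH_KEY is not.
var_dump(example_decrypt($stored, example_derive_key('attacker-guess', $salt)));
```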
What we don’t do
- Never send the key to the browser. The admin UI only shows a masked form: sk-ant-…AbC1. Even if an attacker had access to your admin panel, they couldn’t read out your key.
- Never proxy your AI traffic. Your key goes from your site direct to Anthropic. We never see your prompts, your conversations, or your bills.
- Never share your key. No telemetry, no analytics that include the key, no support pipeline where it gets emailed back.
- Format-validates on save — keys that don’t start with sk-ant- are rejected before storage.
Activity log + one-click revert
Every write logged. Every change revertible.
When the AI agent changes something — applies a new meta description, updates a Woo product, generates alt text, sets a featured image — it doesn’t just do it. It records exactly what changed.
Every entry in the activity log captures:
- Action type (apply_seo, apply_slug, update_product_seo, set_featured_image, etc. — 11 categories tracked)
- Timestamp + WordPress user ID who triggered it
- The post or product affected
- The before value
- The after value
- The IP address the request came from (for audit trails)
Don’t like a change? Find the entry in Spatz SEO → Activity Log, click Revert. The change rolls back. Done.
Destructive actions are flagged clearly — media deletes, slug changes, schema removals all visually distinguished from additive changes. The agent confirms with you before executing any destructive write.
Belt and suspenders
Rate limits and spend caps you control.
Rate limiting
The agent can make at most 60 writes per 60 seconds per user. Stops runaway loops in their tracks. If an agent gets into a confused state and starts hammering writes, it hits the limit and pauses. Configurable via the spatz_seo_rate_limit_writes_per_minute filter if your workflow demands it.
Daily spend caps
Default daily spend cap is $5 — once you’ve spent $5 of your own Anthropic credit in a day, the plugin stops calling the AI until tomorrow. Visible counter in the dashboard. Filter spatz_seo_daily_cost_cap to adjust. Stops “I tested an agent task and now my Anthropic bill is $400” stories before they happen.
SSRF protection
The upload_image_from_url tool — used by the agent to fetch external product images — is hardened against Server-Side Request Forgery. Internal-network URLs (127.0.0.1, 192.168.x, AWS metadata endpoints) are blocked. Stops an attacker from tricking the plugin into hitting your private cloud-metadata service.
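One way such a check can be written, as an added example rather than the plugin's own code: the URL is accepted only if it is http(s) and every address its host resolves to is public. The function name and the injected resolver are hypothetical, and the DNS answers are constructed so the block runs offline.

```php
<?php
declare(strict_types=1);

// Added illustration, not the plugin's upload_image_from_url code. The function
// name and the injected resolver are hypothetical; DNS answers are constructed.

/** True only for http(s) URLs whose host resolves exclusively to public IPs. */
function example_is_safe_image_url(string $url, callable $resolve): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // only web schemes are fetched
    }
    $host = trim($parts['host'], '[]'); // parse_url keeps brackets on IPv6 literals
    // An IP literal is checked as-is; a name is judged by what it resolves to.
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolve($host);
    if ($ips === []) {
        return false; // unresolvable host: fail closed
    }
    foreach ($ips as $ip) {
        // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16; NO_RES_RANGE rejects
        // 0/8, 127/8, 169.254/16 (cloud metadata) and 240/4, plus IPv6 loopback
        // and link-local.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

$dns = [
    'cdn.example.com'   => ['203.0.113.10'],
    'intra.example.com' => ['192.168.1.20'],
    'mixed.example.com' => ['203.0.113.10', '169.254.169.254'],
];
$resolve = fn(string $h): array => $dns[$h] ?? [];

$urls = ['https://cdn.example.com/a.png', 'http://127.0.0.1/a.png', 'http://[::1]/a.png',
    'http://intra.example.com/a.png', 'http://mixed.example.com/a.png', 'ftp://cdn.example.com/a.png'];
foreach ($urls as $u) {
    printf("%-36s %s\n", $u, example_is_safe_image_url($u, $resolve) ? 'allow' : 'block');
}
```

A check like this only holds if the fetch then connects to the address that was validated and applies the same check to every redirect target; otherwise a second DNS lookup or a redirect can still reach an internal address.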
Response caching
Repeated AI requests for the same content (same prompt, same input) are cached for 7 days. Re-analyzing the same post a week later doesn’t double-charge you. Combined with the daily cap, your spend stays predictable.
The boring stuff that matters
Codebase quality, in numbers.
The boring decisions matter as much as the cryptography. A plugin that uses raw SQL queries gets exploited eventually, regardless of how well it stores secrets. Spatz SEO is built modern from the ground up.
38 prepared SQL statements — zero raw query interpolation. No SQL injection vulnerabilities.
164 escaping calls before any output reaches the browser. No XSS vulnerabilities.
82 sanitization calls on incoming data. Every input scrubbed before use.
36 capability checks on every privileged action. No “any logged-in user can do this” mistakes.
- PHP 8.1+ with strict types. Type errors caught at execution, not in production.
- PSR-4 namespaced (SpatzSEO\). No global state, no autoloader collisions.
- Custom dependency injection container — no magic globals, every service constructable in isolation for testing.
- Every REST endpoint has permission_callback. No open endpoints, no “I forgot to add the check” mistakes.
- Nonce verification on all form submissions. CSRF-protected by default.
- Audited against WordPress Coding Standards 3.1.0 (PHPCS). No SQL injection or XSS vulnerabilities in the codebase.
Where your data goes
We can’t see your data — by design.
The plugin’s AI features send data to Anthropic, not to us. Your site’s content, your API prompts, your AI-generated outputs — they go from your WordPress installation directly to Anthropic’s API using your own key. We’re not in the middle. We can’t see them because they don’t pass through any system we operate.
Anthropic does not train on API content per their data policy (anthropic.com/legal). API traffic is excluded from training data sets.
What we DO see: your name, email, billing address, license key, and license activations (which sites you’ve activated the plugin on). That’s it. Standard ecommerce data needed to sell you software and validate your license. Detailed in our Privacy Policy.
If you’re GDPR-compliant: Anthropic is YOUR sub-processor (not ours) for AI-related processing. You disclose them in your privacy policy. We provide the tooling; you control the data.
Honest framing
What this doesn’t guarantee.
A well-built plugin is one layer of defense. We can’t protect against everything:
- Your WordPress core, themes, and other plugins. A vulnerability anywhere else in your stack can still compromise your site. Keep everything updated.
- Your hosting environment. A compromised host means compromised everything. Use a reputable WordPress-focused host.
- Your admin credentials. A leaked password or stolen 2FA token bypasses every plugin-level protection. Use strong passwords + 2FA + Wordfence-style login security.
- Your Anthropic account. If your Anthropic API key is leaked outside Spatz SEO (in a different unencrypted plugin, or pasted into a public repo), it’s compromised regardless of how well we protect it here. Rotate keys if you suspect leakage.
Spatz SEO does its part. The rest of the security stack is your responsibility. Both are necessary.