You've already forked wp-prometheus
magdev
1b1e818ff4
Security audit findings addressed: - Replace jQuery .html() with safe .text() DOM construction (XSS prevention) - Use crypto.getRandomValues() instead of Math.random() for token generation - Add 1MB import size limit to prevent DoS via large JSON payloads - Remove site_url from metric exports (information disclosure) - Add import mode allowlist validation Refactoring: - Extract shared wp_prometheus_authenticate_request() function (DRY) - Extract showNotice() helper in admin.js (DRY) - Extract is_hpos_enabled() helper in Collector (DRY) Performance: - Optimize WooCommerce product counting with paginate COUNT query Housekeeping: - Add missing options to Installer::uninstall() cleanup Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>