PillarShield

Description

PillarShield integrates WordPress with the PillarShield SaaS governance API. It runs checks at the publish boundary, blocks non‑compliant content, allows optional overrides, and keeps a governance record per post for reporting. You must obtain a PillarShield API key from https://pillarshield.co for the plugin to function.

Key features:

• Gate governance checks on publish/private statuses (configurable per post type).
• Optional manual checks that never block saves.
• Override workflow for privileged users.
• Governance reporting under Tools → PillarShield (blocked-at-gate items only).
• Safe storage of outcomes without raw content.

Configuration

Settings → PillarShield:

• API Endpoint: The PillarShield governance endpoint.
• API Key: Your tenant API key (psk_...).
  • Get a key at https://pillarshield.co. The plugin does not perform governance checks without a valid API key.
  • You can also define PILLARSHIELD_API_KEY in wp-config.php to override the stored option:
    define(‘PILLARSHIELD_API_KEY’, ‘psk_…’);
• Enable Governance: Turn checks on/off.
• Allow Save Without API: Allow publishing if the API is unavailable.
• Enabled Post Types: Which post types are governed.
• Fields per Post Type: Comma‑separated fields to scan. Supports meta:KEY.
• Gate Configuration:
  • Gated statuses (default: publish + private)
  • Fallback status (default: draft)

Use the Test Connection button to validate API access.

Editor UX

On governed post types, a PillarShield meta box appears with:

• Check PillarShield governance on this save (manual check)
• Override PillarShield governance (save anyway)

These checkboxes do not persist — they only apply to the current save.

Permissions (Roles/Capabilities)

PillarShield adds these capabilities:

• pillarshield_manage_settings — manage settings page
• pillarshield_view_reports — view reports
• pillarshield_manual_check — run manual check
• pillarshield_override_governance — override violations

On activation, these are granted to Administrators only.

Override visibility requirement:
The Override checkbox only appears for users who have the pillarshield_override_governance capability. Editors will not see it unless you explicitly grant that capability via a role editor plugin or custom code.

Reporting

Tools → PillarShield:

• Overview of content currently blocked at the gate.
• Details page per post with block reason and metadata.

External services

This plugin connects to the PillarShield governance API to evaluate post content for compliance before publishing.

Service: PillarShield SaaS governance API, operated by PillarShield.
Endpoint: https://api.pillarshield.co/pillarshield-governance/governance

What is sent and when:
When a user saves a post to a gated status (by default: publish or private) on a governed post type, or manually triggers a governance check, the plugin sends a POST request containing:

• The post’s configured content fields (by default: title, body, and excerpt)
• Post metadata: post type, post ID, post UUID, post URL, and target publish status
• WordPress user context: user ID and roles (no email or username is transmitted)
• The tenant API key

No data is sent during autosaves, revisions, or saves to non-gated statuses. The plugin requires a valid API key obtained from https://pillarshield.co to function.

• Terms of service
• Privacy policy

Support

Support and documentation: https://pillarshield.co.