WordPress.org
Get WordPress
WordPress.org

Plugin Directory

AutoFetch Content Migration

AutoFetch Content Migration

By eslamdev™
Download

Description

AutoFetch Content Migration lets you connect a destination WordPress site to a remote source WordPress site’s REST API to query, filter, and import any public post type (posts, pages, custom post types), media assets, categories, and tags — all handled incrementally over AJAX to avoid timeouts.

Unlike traditional migration tools that require database dumps or XML exports, AutoFetch handles the process post-by-post without touching the source site’s database directly.

Authentication

AutoFetch uses WordPress Application Passwords for secure, authenticated access to the source site. This allows importing published, draft, pending, and private posts with full content and metadata.

Security Features

  • SSRF Protection: Source URLs are validated against private and loopback address ranges.
  • PHP Object Injection Mitigation: Deserialization of custom fields is handled with allowed_classes set to false.
  • Server-Side Transients: Credentials are stored in server-side transients expiring in 1 hour.
  • HTTPS Enforcement: Application Password connections require HTTPS.
  • Per-Post Capability Checks: REST API meta exposure is gated by per-post edit capability.

Migration Features

  • Dynamic Post Type Support: Automatically detects all public post types on the source site.
  • Deep Media Sideloading: Downloads images, registers them in the Media Library, and rewrites URLs.
  • Smart Taxonomy Sync: Automatically syncs and assigns categories and tags to imported posts.
  • Auto-Resume Engine: Resumes bulk imports after a crash or page reload.
  • SEO Meta Mapping: Preserves metadata for Yoast SEO and Rank Math.
  • Migration Reports: Every imported post is tracked with its original source URL and import timestamp.

Installation

  1. Upload the plugin folder to the /wp-content/plugins/ directory, or install it directly via the WordPress admin panel.
  2. Activate the plugin.
  3. Access the settings panel from AutoFetch Migration in the admin sidebar.

FAQ

How is this different from the default WordPress importer?

AutoFetch imports content dynamically over the REST API without requiring XML files. It also handles media sideloading reliably without timeout errors.

What post types can I import?

AutoFetch automatically detects all public post types (posts, pages, custom post types, WooCommerce products, etc.) available on the source site via the REST API.

Can I import drafts and private posts?

Yes. Using the Application Password authentication method, you can access private, draft, and pending posts from the source site.

How do I set up Application Passwords?

On your source site, go to Users Profile scroll down to “Application Passwords”. Enter a name like “Migration” and click “Add New”. Copy the generated password and use it in the plugin settings.

Is it safe to use?

Yes. The plugin includes protections against SSRF, XSS, and PHP Object Injection. Credentials are stored in temporary server-side transients that expire after 1 hour. REST API meta is only exposed to users with per-post edit capabilities.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“AutoFetch Content Migration” is open source software. The following people have contributed to this plugin.

Contributors

Translate “AutoFetch Content Migration” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.4.0

  • Dynamic Post Type Detection: The plugin now automatically detects all available public post types from the source site via the REST API.
  • Added Private status option to the import status selector.
  • Security: REST API meta exposure now uses per-post capability checks instead of broad role checks.
  • Full compliance with WordPress.org Plugin Directory Guidelines 5 and 6.

1.3.0

  • Added Migration Reports tab: view full import history with source URLs and timestamps.
  • Application Password authentication fully supported for accessing private and draft content.
  • Streamlined the admin UI for a cleaner, more focused user experience.

1.2.0

  • Strengthened input validation and output sanitization across all modules.
  • Improved server-side request handling with stricter URL validation.
  • Added Toast notifications for real-time user feedback during operations.

1.1.0

  • Initial public release.

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Support

Got something to say? Need help?

View support forum

Donate

Would you like to support the advancement of this plugin?

Donate to this plugin