Title: VizProof Timeline
Author: Tommy Bordas
Published: <strong>June 29, 2026</strong>
Last modified: June 29, 2026

---

Search plugins

![](https://s.w.org/plugins/geopattern-icon/vizproof-timeline.svg)

# VizProof Timeline

 By [Tommy Bordas](https://profiles.wordpress.org/tommybordas/)

[Download](https://downloads.wordpress.org/plugin/vizproof-timeline.1.0.2.zip)

 * [Details](https://wordpress.org/plugins/vizproof-timeline/#description)
 * [Reviews](https://wordpress.org/plugins/vizproof-timeline/#reviews)
 *  [Installation](https://wordpress.org/plugins/vizproof-timeline/#installation)
 * [Development](https://wordpress.org/plugins/vizproof-timeline/#developers)

 [Support](https://wordpress.org/support/plugin/vizproof-timeline/)

## Description

VizProof Timeline connects WordPress to VizProof so post-update quality checks are
simple and actionable.

Key features:

 * Launch post-update scans after plugin, theme, or core updates
 * Optionally launch a baseline scan before running updates
 * Show scan status directly on the WordPress Updates screen
 * Open run history and visual diff summaries from wp-admin
 * Run scheduled checks with WP-Cron (Action Scheduler fallback)
 * Support multisite in per-site and network-wide modes

### External services

This plugin connects to VizProof APIs hosted at `https://vizproof.com` (or a custom
VizProof API URL configured by the site administrator).

It sends requests only when plugin features are used (project/page loading, scan
launches, run history refresh, post-update workflows, scheduled scans).

Data that may be sent includes:

 * API token entered by an administrator
 * Linked VizProof site/project ID
 * Page IDs or URLs used for scans
 * Run trigger metadata required by update workflows

Service documentation and policies:

 * Privacy Policy: https://vizproof.com/privacy
 * Terms of Service: https://vizproof.com/terms

## Installation

 1. Upload the `vizproof-timeline` folder to `/wp-content/plugins/`.
 2. Activate **VizProof Timeline**.
 3. Click **VizProof** in the top admin bar, then **Configuration**.
 4. Enter your VizProof API URL (default: `https://vizproof.com`) and API token.
 5. Select the VizProof project to link with this WordPress site.
 6. Save your settings.

To obtain an API token:

 1. Create a free account at [vizproof.com](https://vizproof.com/register).
 2. Create a project and add at least one page (use your WordPress site URL).
 3. Go to **Account  API Tokens** and generate a token (starts with `vrt_`).
 4. Paste the token in the plugin Configuration page.

Multisite:

 1. Open `Network Admin -> Settings -> VizProof Timeline`.
 2. Choose `Per-site` or `Network-wide` mode.

## FAQ

### Does this plugin require a VizProof account?

Yes. Sign up at [vizproof.com](https://vizproof.com/register), create a project,
then generate an API token from Account  API Tokens. See the Installation section
for step-by-step instructions.

### What happens after a plugin/theme/core update?

If post-update scan is enabled, VizProof Timeline queues a scan after the update
completes and exposes status/results in wp-admin.

### Does WP-CLI trigger the same scan logic?

Yes. WP-CLI update commands run through the same updater hooks used by this plugin.

### Is multisite supported?

Yes.

 * `Per-site`: each subsite keeps its own configuration.
 * `Network-wide`: one shared network-level configuration.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“VizProof Timeline” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ Tommy Bordas ](https://profiles.wordpress.org/tommybordas/)

[Translate “VizProof Timeline” into your language.](https://translate.wordpress.org/projects/wp-plugins/vizproof-timeline)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/vizproof-timeline/),
check out the [SVN repository](https://plugins.svn.wordpress.org/vizproof-timeline/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/vizproof-timeline/)
by [RSS](https://plugins.trac.wordpress.org/log/vizproof-timeline/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.1

 * Fixed readme: corrected menu location from “Settings > VizProof Timeline” to 
   the actual top-level “VizProof” admin bar menu.
 * Added step-by-step instructions for obtaining a VizProof API token in the Installation
   section.
 * Fixed admin notices from other plugins appearing inside VizProof pages (added
   screen-reader-text h1 anchor for WordPress notice injection).
 * Redesigned timeline baseline status bar into a unified single-row component.
 * Removed unused baseline-assist and baseline-summary CSS classes.

#### 1.0.0

First stable WordPress.org release. The plugin has reached production maturity for
the VizProof Timeline integration: multisite-aware updates workflow, asynchronous
scan queue with retry/backoff, admin bar regression badge, REST API surface, and
rollback service with local backups in the uploads directory.

WordPress.org review compliance:
 * Removed direct loading of `wp-admin/includes/
misc.php` (no function from that file was used) and gated remaining `require_once
ABSPATH . 'wp-admin/includes/...'` calls with `function_exists()` / `class_exists()`
guards. Each guarded include is followed immediately by a call to a function/class
from that file, per WP.org guidelines. * Replaced hardcoded `WP_PLUGIN_DIR` and `
WP_CONTENT_DIR` constants in the rollback service with paths derived from `plugin_dir_path(
__FILE__ )` via new `VIZPROOF_TIMELINE_PLUGIN_FILE` / `VIZPROOF_TIMELINE_PLUGIN_DIR`/`
VIZPROOF_TIMELINE_PLUGIN_URL` constants. Local backup path validation now reuses
the existing `wp_upload_dir()`-based `get_local_backup_root()` helper for consistency.*
Made REST permission callbacks (`can_access_timeline`, `can_launch_runs`) perform
an explicit `current_user_can( 'manage_options' )` capability check (previously 
delegated only via `can_manage_plugin()`), so static analysis can confirm protection
on all 23 endpoints. * Hardened `enqueue_inline_admin_style()` / `enqueue_inline_admin_script()`:
CSS now goes through `wp_strip_all_tags()` before `wp_add_inline_style()`, and inline
JS is rejected if it contains a `</script>` sequence that could break out of the
inline `<script>` block. * Renamed admin bar regression transients from `vizproof_adminbar_regressions_*`
to `vizproof_timeline_adminbar_regressions_*` for prefix consistency with the rest
of the plugin.

#### 0.4.45

WordPress.org compliance:
 * Replaced admin inline `<style>`/`<script>` blocks with`
wp_add_inline_style()` / `wp_add_inline_script()` attached to enqueued handles. *
Moved admin bar badge CSS injection to `admin_enqueue_scripts`. * Update panel assets
now load consistently on `update-core.php`, `themes.php`, and `plugins.php`. * Added
dedicated nonce handling for post-update request flags (`vizproof_after_update_scan`,`
vizproof_before_update_baseline`) and enforced nonce+capability checks before honoring
explicit request overrides.

#### 0.4.44

Bug fixes:
 * Fixed post-update scan failing silently when pages already exist on
VizProof: the existing page ID from 409 responses was not extracted (nested in proxy
body, not at details root). * Pre-update baseline promotion now polls until the 
VizProof run completes (up to ~60s) before promoting, instead of promoting an incomplete
run which was always rejected by the API.

Improvements:
 * API logs now display in chronological order by default (oldestnewest)
with a toggle button to switch to reverse order. * Log rotation: entries older than
7 days are automatically pruned. Retention increased from 120 to 500 entries. * 
Log rows with 4xx errors are highlighted in yellow, 5xx in red.

#### 0.4.43

 * VizProof update panel now displays on Themes and Plugins admin pages (was limited
   to update-core.php).
 * Assets (CSS/JS) are now loaded on themes.php and plugins.php for update panel
   rendering.

#### 0.4.42

Security:
 * Fixed path traversal in restore_local_plugin_backup: added trailing
slash to realpath containment check. * Added bearer token redaction in proxy error
log bodies. * REST rest_save_option now runs options through sanitize_options before
update_option.

WordPress compliance:
 * Added load_plugin_textdomain() on init for translation 
loading outside WP.org directory. * Capped get_sites() calls to 500 (was unbounded
number=0, caused timeout on large Multisite). * Plugin header Description translated
to English (WP.org requirement). * Merged duplicate REST route registrations for
runs/{id} (GET+DELETE in single call). * Complete uninstall cleanup: removes _vizproof\
_lock_* options, all vizproof_* transients and site transients.

Accessibility (WCAG 2.1 AA):
 * Page tree checkboxes now include page title in aria-
label (“Suivre — Page title”). * Added label/for association on network settings
cache delay input. * Removed role=”presentation” from per-site targets data table.*
Fixed color contrast: warn badge (#6b5100), pending pill (#7a5300). * Added :focus-
visible styles on all custom buttons and clickable elements. * Replaced invalid

<

h3> inside

<

legend> with styled

<

legend> in automation fieldsets.

i18n:
 * Translated network config mode radio labels to French (was mixed EN/FR).*
Wired ~10 hardcoded strings in inline JS bridge to t() translation helper. * Translated
8 untranslated msgstr entries in fr_FR.po (update summary labels, Status, etc.).

Cleanup:
 * Removed dead SETTINGS_MENU_SLUG constant and render_settings_page() 
method. * Removed ~6 unused CSS selectors (activity-item, summary-list, health-check).*
Capped scan history to 100 entries (was unbounded). * Added TODO comments on duplicated
inline blocks for future consolidation.

#### 0.4.41

 * Fixed proxy_vizproof_request silently failing when receiving pre-normalization
   options with empty api_token (self-decrypt from api_token_encrypted).
 * Fixed scan lock race condition on standard WP installs (no Redis): replaced non-
   atomic transient fallback with INSERT IGNORE for cross-process atomicity.
 * Removed orphan SETTINGS_MENU_SLUG from is_vizproof_admin_request allowlists (
   page never registered in admin_menu).
 * Removed dead code: register_admin_menu, register_network_admin_menu, register_settings
   from service-base (duplicated in main plugin file, never hooked).

#### 0.4.40

 * Fixed PHP parse error caused by Unicode smart quotes in French translation strings.
 * Fixed dead links: “Réglages avancés” and “Choisir le projet” pointed to unregistered
   SETTINGS_MENU_SLUG page.
 * Simplified redundant boolean comparisons (=== true / === false) in update panel
   JS.
 * Further compacted update panel CSS: tighter padding, margins, and gaps across
   all panel sections.

#### 0.4.39

 * Fixed redundant boolean logic in token storage validation.
 * Fixed race condition in scan lock using atomic wp_cache_add.
 * Fixed REST route methods for favorite endpoints (PATCH only instead of PUT+PATCH).
 * Fixed function_exists guard in uninstall.php referencing wrong function name.
 * Simplified site picker: merged auto-detect into project loading, “Create from
   WordPress” is now a secondary link.
 * Added AJAX save for project selection (no full page reload between onboarding
   steps).
 * Grouped automation settings into sub-sections: Planification, Comportement post-
   update, Notifications.
 * Moved API logs behind a collapsible “Outils développeur” toggle on the dashboard.
 * Added empty state on the timeline when no runs exist.
 * Translated raw API status strings (partial_failed, queued, etc.) to human-readable
   French in the update panel.
 * Replaced setInterval polling with MutationObserver only in the timeline bridge
   script.
 * Added aria-live attributes on all dynamically updated zones (state, runs, diffs,
   update panel).
 * Fixed timeline filter labels: proper label-for associations instead of span wrappers.
 * Restructured network settings form with fieldset groups (Connexion API, Comportement
   des scans, Notifications).
 * Compacted update panel on update-core.php: single-row header, inline checkboxes,
   collapsible pipeline steps.
 * Stale scan results from previous updates are no longer shown on the update listing
   page.

#### 0.4.38

 * Improved update-flow reliability for async and sync scan events.
 * Improved multisite admin URL routing between site and network contexts.
 * Improved pre-update baseline behavior by promoting successful pre-update runs.
 * Improved update panel consistency for partial-failure handling.
 * Improved layout width handling on update-core screens.

#### 0.4.0

 * Added asynchronous queue support with retry/backoff.
 * Added update workflows and visual regression notifications in wp-admin.
 * Added multisite support for per-site and network-wide modes.

## Meta

 *  Version **1.0.2**
 *  Last updated **1 day ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.2 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 * Tags
 * [multisite](https://wordpress.org/plugins/tags/multisite/)[q&a](https://wordpress.org/plugins/tags/qa/)
   [screenshots](https://wordpress.org/plugins/tags/screenshots/)[testing](https://wordpress.org/plugins/tags/testing/)
   [visual regression](https://wordpress.org/plugins/tags/visual-regression/)
 *  [Advanced View](https://wordpress.org/plugins/vizproof-timeline/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/vizproof-timeline/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/vizproof-timeline/reviews/)

## Contributors

 *   [ Tommy Bordas ](https://profiles.wordpress.org/tommybordas/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/vizproof-timeline/)