{"id":297805,"date":"2026-06-16T08:43:11","date_gmt":"2026-06-16T08:43:11","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/aura-frontend-inspector\/"},"modified":"2026-06-16T12:43:48","modified_gmt":"2026-06-16T12:43:48","slug":"aura-frontend-inspector","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/aura-frontend-inspector\/","author":14394976,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"2.5.9","stable_tag":"trunk","tested":"7.0","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"Aura Frontend Inspector","header_author":"Pedro Matias","header_description":"Universal tool to detect and fix HTML and accessibility issues on WordPress sites. Detects duplicate IDs, missing labels, and other common issues.","assets_banners_color":"8b93ba","last_updated":"2026-06-16 12:43:48","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/pedromatias.dev","rating":0,"author_block_rating":0,"active_installs":0,"downloads":48,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.5.7":{"tag":"2.5.7","author":"FroPT","date":"2026-06-12 08:57:26"},"2.5.8":{"tag":"2.5.8","author":"FroPT","date":"2026-06-16 10:48:33"},"2.5.9":{"tag":"2.5.9","author":"FroPT","date":"2026-06-16 12:43:48"}},"upgrade_notice":{"2.5.9":"

Fixes incorrect\/negative "time ago" values in the Logs table caused by a timezone double-conversion.<\/p>","2.5.8":"

Important fix: "Scan Now" could silently do nothing under certain environment settings. Now always runs when triggered by an admin, and confirms when a scan finds zero issues.<\/p>","2.5.7":"

Compliance and scanner patch: eliminates WP admin bar \/ Query Monitor false positives, switches to wp_json_encode(), and addresses all Plugin Check warnings.<\/p>","2.5.6":"

WP.org compliance patch: sanitization fixes and HTML capture feature removed from free build.<\/p>","2.5.5":"

Compliance patch: wp_die() strings wrapped with esc_html__() in AJAX handlers.<\/p>","2.5.1":"

Compliance patch: remaining inline scripts extracted to enqueued files; nonce inputs sanitized before verification in Captures page.<\/p>","2.5.0":"

Admin UI restructured: Logs and Settings are now separate tabs for a cleaner workflow.<\/p>","2.4.8":"

Security patch completing nonce sanitization and JSON decode hardening across all admin handlers.<\/p>","2.4.7":"

Security and WordPress.org compliance release. Fixes nonce sanitization, removes CDN dependencies, and extracts all inline scripts to properly enqueued files.<\/p>","2.4.0":"

Highly recommended: Introduces the AI-Native ARF 1.0 reporting and "Copy AI Prompt" feature for faster debugging.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3574373,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3574373,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3574373,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3574373,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.5.7","2.5.8","2.5.9"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Dashboard Overview<\/strong>: A central view of all detected issues, statistics, and plugin settings.","2":"Issue Log<\/strong>: Filterable log entries with \"Copy AI Prompt\" and \"View Code\" shortcuts.","3":"AI Integration<\/strong>: Example of how the ARF 1.0 prompt looks when pasted into an AI assistant.","4":"HTML Capture<\/strong>: The interface for managing and viewing rendered HTML snapshots.","5":"Admin Bar<\/strong>: The unobtrusive status indicator in the WordPress admin bar."}},"plugin_section":[],"plugin_tags":[1447,1953,8533,246,34796],"plugin_category":[34],"plugin_contributors":[266807],"plugin_business_model":[],"class_list":["post-297805","plugin","type-plugin","status-publish","hentry","plugin_tags-a11y","plugin_tags-accessibility","plugin_tags-audit","plugin_tags-html","plugin_tags-inspector","plugin_category-accessibility","plugin_contributors-fropt","plugin_committers-fropt"],"banners":{"banner":"https:\/\/ps.w.org\/aura-frontend-inspector\/assets\/banner-772x250.png?rev=3574373","banner_2x":"https:\/\/ps.w.org\/aura-frontend-inspector\/assets\/banner-1544x500.png?rev=3574373","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/aura-frontend-inspector\/assets\/icon-128x128.png?rev=3574373","icon_2x":"https:\/\/ps.w.org\/aura-frontend-inspector\/assets\/icon-256x256.png?rev=3574373","generated":false},"screenshots":[],"raw_content":"\n

Aura Frontend Inspector<\/strong> is a professional-grade debugging tool designed for WordPress developers and agencies who need to ensure their sites are compliant, accessible, and error-free.<\/p>\n\n

Unlike traditional auditors, Aura is built for the AI era. It features the ARF 1.0 (Aura Report Format)<\/strong>, a structured data standard that allows you to copy detected issues directly into AI tools like ChatGPT or Claude to receive instant, context-aware code fixes.<\/p>\n\n

Built for AI-Assisted Debugging<\/h3>\n\n

Every issue detected by Aura includes a \"Copy AI Prompt\"<\/strong> button. This assembles a high-signal prompt containing the exact HTML snippet, site environment, and error metadata in the ARF 1.0 format. Simply paste it into your favorite LLM for a precise solution tailored to your WordPress site.<\/p>\n\n

Professional Accessibility (A11y) Auditing<\/h3>\n\n

Ensure your site meets WCAG 2.1 standards with real-time detection of:\n* Duplicate IDs<\/strong>: Finds elements sharing IDs that break screen readers and ARIA landmarks.\n* Missing Labels<\/strong>: Identifies form inputs without accessible names.\n* ARIA Integrity<\/strong>: Detects broken aria-labelledby<\/code>, aria-describedby<\/code>, and hidden focusable elements.\n* Semantic Structure<\/strong>: Validates heading levels (H1-H6), main landmarks, and page titles.\n* Interactive Elements<\/strong>: Flags non-interactive elements with click handlers and buttons without types.<\/p>\n\n

Developer-First Features<\/h3>\n\n
    \n
  • Persistent Logging<\/strong>: Issues are stored in a dedicated database table with rate-limiting and deduplication.<\/li>\n
  • HTML Snapshots<\/strong>: Capture the full rendered DOM of any page for offline audit or historical reference.<\/li>\n
  • Environment Aware<\/strong>: Configure Aura to run only in Development<\/code> or Staging<\/code> modes to protect production performance.<\/li>\n
  • Auto-Fix Engine<\/strong>: Optionally allow Aura to automatically resolve common issues like duplicate IDs on the fly.<\/li>\n
  • Export Options<\/strong>: Download professional CSV logs or ARF 1.0 JSON reports for your client audits.<\/li>\n<\/ul>\n\n

    Part of the Aura Plugin Series<\/h3>\n\n

    Aura Frontend Inspector is part of the Aura Plugin Series<\/strong>, a suite of AI-native tools including Aura Static Security Analyzer<\/strong> and Aura Login<\/strong>. Together, they provide a unified \"Security & Compliance\" ecosystem for WordPress professionals.<\/p>\n\n\n

      \n
    1. Upload the aura-frontend-inspector<\/code> folder to the \/wp-content\/plugins\/<\/code> directory, or install directly through the WordPress plugins screen.<\/li>\n
    2. Activate the plugin through the 'Plugins' screen in WordPress.<\/li>\n
    3. Navigate to the Aura FI<\/strong> menu in your admin sidebar.<\/li>\n
    4. Enable the debugger and visit any page on your frontend to start detecting issues.<\/li>\n<\/ol>\n\n\n
      \n

      Does this plugin affect my site's speed?<\/h3><\/dt>\n

      Aura is highly optimized. The detection engine runs in the client's browser, and the logging system uses a dedicated database table with rate-limiting to ensure zero impact on your server's core performance.<\/p><\/dd>\n

      What is ARF 1.0?<\/h3><\/dt>\n

      ARF (Aura Report Format) is a standardized JSON schema created by the Aura team. It is designed to be \"AI-Readable,\" allowing developers to pass complex technical issues to LLMs without manual formatting.<\/p><\/dd>\n

      Can I use this for ADA\/WCAG compliance?<\/h3><\/dt>\n

      Yes. Aura is an excellent tool for identifying Level A and AA violations. Use the ARF export to generate audit reports for your clients or legal compliance teams.<\/p><\/dd>\n

      Does it work with Page Builders?<\/h3><\/dt>\n

      Absolutely. Aura inspects the rendered<\/em> HTML, meaning it works perfectly with Elementor, Divi, Beaver Builder, and the Block Editor (Gutenberg).<\/p><\/dd>\n\n<\/dl>\n\n\n

      2.5.9<\/h4>\n\n
        \n
      • FIX: Logs table timestamps were off by exactly the site's UTC offset (e.g. \"-3600 seconds ago\" on a UTC+1 site) \u2014 aura_fi_format_timestamp() was double-applying the timezone offset on an already-local timestamp.<\/li>\n<\/ul>\n\n

        2.5.8<\/h4>\n\n
          \n
        • FIX: \"Scan Now\" did nothing when the passive-monitoring toggle\/environment heuristic considered debugging inactive \u2014 the scan engine module is now always loaded, and an explicit admin-triggered scan always runs regardless of that heuristic.<\/li>\n
        • FIX: Default landing page changed from Logs to Settings, so the enable toggle is visible immediately instead of being buried in a second tab.<\/li>\n
        • NEW: A \"Scan Now\" that finds zero issues now logs a \"Scan Complete \u2014 No issues found\" entry instead of silently doing nothing, so a clean scan is no longer indistinguishable from a broken one.<\/li>\n<\/ul>\n\n

          2.5.7<\/h4>\n\n
            \n
          • FIX: Scanner no longer reports false positives for elements inside the WP admin bar (#wpadminbar) or Query Monitor panels (#qm, [id^=\"qm-\"]).<\/li>\n
          • COMPLIANCE: Replaced json_encode() with wp_json_encode() for inline script output.<\/li>\n
          • COMPLIANCE: ABSPATH guard in RuleRegistry moved before use statements to satisfy Plugin Check.<\/li>\n
          • COMPLIANCE: $_GET['nonce'] and $_POST['nonce'] in get_logs() now individually unslashed; correct NonceVerification phpcs:ignore codes added.<\/li>\n
          • COMPLIANCE: $_GET['limit'] in export_logs_json() now unslashed before intval().<\/li>\n
          • COMPLIANCE: Migration INSERT IGNORE query phpcs:ignore extended to cover DirectQuery and NoCaching sniffs.<\/li>\n
          • CHANGE: Tested up to WordPress 7.0.<\/li>\n
          • UI: False Positive column header widened to prevent text wrapping in Logs table.<\/li>\n
          • UI: \"View Code\" column renamed to \"Line\" and now displays the detected source line number.<\/li>\n<\/ul>\n\n

            2.5.6<\/h4>\n\n
              \n
            • COMPLIANCE: register_setting() updated to array form with explicit type and sanitize_callback.<\/li>\n
            • COMPLIANCE: exclude_wp_core_elements option now correctly sanitized in sanitizeOptions() \u2014 was silently dropped on save.<\/li>\n
            • COMPLIANCE: HTML capture feature removed from free build; unsanitized full-page HTML cannot be adequately sanitized with WordPress built-ins without breaking the feature.<\/li>\n
            • SECURITY: json_last_error() validation added after JSON decode in LogHandler and ValidationHandler.<\/li>\n<\/ul>\n\n

              2.5.5<\/h4>\n\n
                \n
              • COMPLIANCE: wp_die() calls in LogHandler now wrapped with esc_html__() for proper escaping and i18n compatibility.<\/li>\n<\/ul>\n\n

                2.5.4<\/h4>\n\n
                  \n
                • CHANGE: AJAX handler modularised \u2014 Handler.php split into AbstractHandler, CaptureHandler, ValidationHandler, and LogHandler.<\/li>\n
                • UI: Removed non-functional light\/dark theme toggle from Captures page; stripped all emoji characters from Captures admin page.<\/li>\n
                • BUILD: openspec\/ directory excluded from distribution zip.<\/li>\n<\/ul>\n\n

                  2.5.3<\/h4>\n\n
                    \n
                  • FIX: validate_html() fatal HTTP 500 \u2014 Aura_FI_HTML_Validator class reference prefixed with \\ to resolve from global namespace.<\/li>\n<\/ul>\n\n

                    2.5.2<\/h4>\n\n
                      \n
                    • SECURITY: Rate-limit directory now uses wp_upload_dir() for compatibility with custom upload paths.<\/li>\n
                    • SECURITY: HTML captures directory protected with deny-from-all .htaccess on creation.<\/li>\n
                    • SECURITY: capture_html() rejects payloads exceeding 5 MB.<\/li>\n
                    • FIX: JSON validation_options boolean flags and max_issues explicitly cast after array_merge().<\/li>\n<\/ul>\n\n

                      2.5.1<\/h4>\n\n
                        \n
                      • COMPLIANCE: Removed remaining inline blocks from Captures and LogsTable pages; JS now served via properly enqueued files.<\/li>\n
                      • COMPLIANCE: Added sanitize_text_field(wp_unslash()) before wp_verify_nonce() for all three nonce checks in Captures page (delete_file, delete_all, force_update_config).<\/li>\n
                      • COMPLIANCE: Assets class extended to register and enqueue split admin JS files (admin-dashboard, admin-settings, admin-logs-table, admin-captures).<\/li>\n<\/ul>\n\n

                        2.5.0<\/h4>\n\n
                          \n
                        • UI: Separated Settings & Logs into two distinct pages.<\/li>\n
                        • UI: New tab order \u2014 Logs, HTML Captures, Settings, About.<\/li>\n
                        • UI: Dashboard statistics cards and log table now live exclusively in the Logs tab.<\/li>\n
                        • UI: Settings tab contains only plugin configuration options.<\/li>\n
                        • UI: Added (i) info icon to every setting with contextual tooltips; Debug Mode tooltip explains when to choose each environment.<\/li>\n
                        • UI: Debug Mode header now shows the active mode name (Development \/ Staging \/ Production) instead of the word \"SELECT\".<\/li>\n
                        • UI: Debug Mode label updates live when the user changes the select, before saving.<\/li>\n
                        • UI: Maximum Log Entries and Maximum HTML Captures now show the current value in the header; value updates live as you type.<\/li>\n
                        • UI: URLs to Exclude shows an \"Edit \u203a\" hint in the header that highlights on hover.<\/li>\n
                        • CHANGE: Detect Duplicate IDs and Detect Missing Labels are now always enabled and no longer appear as user-configurable toggles.<\/li>\n
                        • SECURITY: Added capability check (aura_fi_current_user_can_access) to log_issue, capture_html, and validate_html AJAX handlers; previously these relied solely on nonce verification.<\/li>\n<\/ul>\n\n

                          2.4.8<\/h4>\n\n
                            \n
                          • SECURITY: Added sanitize_text_field() before wp_verify_nonce() in Captures.php (3 remaining call sites).<\/li>\n
                          • SECURITY: json_decode() on $_POST['issues'] now uses explicit unslash-then-decode pattern with is_array() guard.<\/li>\n
                          • COMPLIANCE: Contributors field in readme.txt corrected to match WordPress.org account username.<\/li>\n<\/ul>\n\n

                            2.4.7<\/h4>\n\n
                              \n
                            • SECURITY: All nonce verifications now use sanitize_text_field() before wp_verify_nonce() (7 call sites).<\/li>\n
                            • SECURITY: json_decode() result on validation_options now validated as array before use.<\/li>\n
                            • COMPLIANCE: Removed all inline blocks from admin pages; JS extracted to separate enqueued files.<\/li>\n
                            • COMPLIANCE: Chart.js bundled locally (assets\/vendor\/chartjs\/); CDN dependency removed.<\/li>\n
                            • COMPLIANCE: Rate-limit transient keys prefixed with aurafrin_ instead of generic ajax_.<\/li>\n
                            • COMPLIANCE: Debug-active admin notice now scoped to plugin pages only.<\/li>\n
                            • COMPLIANCE: Removed Plugin URI pointing to a 404 page.<\/li>\n<\/ul>\n\n

                              2.4.0<\/h4>\n\n
                                \n
                              • NEW: Full support for ARF 1.0 (Aura Report Format).<\/li>\n
                              • NEW: \"Copy AI Prompt\" button for instant AI-assisted fixes.<\/li>\n
                              • IMPROVED: Enhanced heuristics for mapping DOM elements to source line numbers.<\/li>\n
                              • FIX: Performance optimizations for sites with large DOM trees.<\/li>\n<\/ul>\n\n

                                2.1.0<\/h4>\n\n
                                  \n
                                • PSR-4 Migration: Core architecture refactored for better performance and extensibility.<\/li>\n
                                • New modular rule engine: Easily toggle specific detection rules.<\/li>\n
                                • Added support for ARIA attribute validation and interactive element checks.<\/li>\n<\/ul>\n\n

                                  2.0.0<\/h4>\n\n
                                    \n
                                  • Major Rebrand: Plugin renamed to Aura Frontend Inspector.<\/li>\n
                                  • New top-level admin menu and unified UI.<\/li>\n
                                  • Added persistence layer: Issues are now stored in a custom DB table.<\/li>\n<\/ul>\n\n

                                    1.0.0<\/h4>\n\n
                                      \n
                                    • Initial release with basic HTML and duplicate ID detection.<\/li>\n<\/ul>","raw_excerpt":"The AI-Native accessibility and HTML debugger for WordPress. Detect issues, export ARF 1.0 reports, and get AI-assisted fixes in seconds.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/297805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=297805"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/fropt"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=297805"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=297805"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=297805"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=297805"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=297805"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=297805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}