No description

PHP 95%
CSS 2.8%
JavaScript 2.2%

Find a file

Eric 5a806403d9 Merge pull request 'v2.5.1: uninstall cron fix, dead code removal, and code quality fixes from 7th Context7 review' (#42 ) from v2.5.1 into main Reviewed-on: #42		2026-03-12 23:25:29 -07:00
.claude	I guess	2026-03-12 21:25:17 -07:00
assets	v2.4.1: bug fixes and code quality improvements from 4th Context7 review	2026-03-12 20:46:35 -07:00
includes	v2.5.1: uninstall cron fix, dead code removal, and code quality fixes from 7th Context7 review	2026-03-12 23:24:28 -07:00
.gitignore	Test	2026-03-08 15:50:45 -07:00
apprise-notifications.php	v2.5.1: uninstall cron fix, dead code removal, and code quality fixes from 7th Context7 review	2026-03-12 23:24:28 -07:00
CLAUDE.md	v2.5.1: uninstall cron fix, dead code removal, and code quality fixes from 7th Context7 review	2026-03-12 23:24:28 -07:00
LICENSE	Getting going on v1.2.2	2026-02-06 17:07:13 -08:00
README.md	Update CLAUDE.md and README.md for v2.1.0 features	2026-02-13 19:40:48 -08:00
readme.txt	v2.5.1: uninstall cron fix, dead code removal, and code quality fixes from 7th Context7 review	2026-03-12 23:24:28 -07:00
SECURITY.md	Last one	2026-03-12 22:12:39 -07:00
uninstall.php	v2.5.1: uninstall cron fix, dead code removal, and code quality fixes from 7th Context7 review	2026-03-12 23:24:28 -07:00

README.md

Apprise Notifications for WordPress

Send WordPress system events to an Apprise API endpoint.

AI Disclosure

This plugin was completely written by Claude AI.

I (a human) did testing to verify each feature worked and ran the code through Semgrep.dev to see if there was anything blatantly wrong.

Features

🔔 Multiple Notification Events: See Supported Events for a full list
🔒 Security-First Design: Built following WordPress security best practices and OWASP guidelines, or at least that's what I told the AI Agent to do
⚡ Lightweight: Fast synchronous delivery with minimal overhead
🔧 Highly Configurable: Enable/disable individual events, debug logging, and more
🔌 Extensible: Filter hooks for customizing every aspect of notifications
🛡️ Privacy-Aware: Configurable IP logging with anonymization options
📧 Email Suppression: Prevent duplicate notifications by suppressing WordPress default emails for events handled by Apprise
🔄 Update Checker: Optional Gitea RSS-based update checking with admin notices and Apprise notifications

Requirements

WordPress 5.7+
PHP 7.4+
An Apprise API endpoint

Installation

Install Plugin

Go to the Releases page
Download the latest releases Source Code (ZIP) file
Login to your Wordpress Site
Click Plugins
Click Add Plugin
Click Upload Plugin
Click Browse and select ZIP file you downloaded from the Releases page
Click Install Now
Click Activate Plugin

Configuration

Navigate to Settings and Apprise Notifications
Enter your Apprise API URL (Example: https://apprise.yourdomain.com/notify/{APIKEY})
(Optional) Set a default tag for notifications
Checkmark Enable Notifications
Review and checkmark which notifications you would like to receive
Click Test Connection to verify your setup
Click Save Changes

Supported Events

Event	Description
New Comment	Triggered when a comment is posted
Admin Login	Triggered when an admin user logs in
User Registration	Triggered when a new user registers
Plugin Installed	Triggered when a plugin is installed
Plugin Updated	Triggered when a plugin is updated
Plugin Deleted	Triggered when a plugin is deleted
Theme Changed	Triggered when the active theme changes
Core Updated	Triggered when WordPress core is updated
Post Published	Triggered when a post is published
Post Updated	Triggered when a published post is updated
Post Trashed	Triggered when a post is moved to trash
Post Deleted	Triggered when a post is permanently deleted
User Role Changed	Triggered when a user's role changes
Plugin Update Available	Triggered when a new plugin version is detected via Gitea RSS (requires update checking enabled)

Email Suppression

To avoid receiving duplicate notifications (one from Apprise and one from WordPress), the plugin offers email suppression with three modes:

Mode	Behavior
None (default)	WordPress emails are unaffected
Matching events only	Suppresses WordPress default emails for events that have Apprise notifications enabled (e.g., comment notifications, new user emails, auto-update emails)
All emails	Blocks all emails sent via `wp_mail()` — use with caution

Email suppression is only active when the plugin is globally enabled. Deactivating or uninstalling the plugin automatically restores all WordPress emails.

Update Checking

Since this plugin is hosted on a self-hosted Gitea instance rather than wordpress.org, it includes an optional update checker. When enabled under Settings → Apprise Notifications:

Checks the Gitea releases RSS feed once every 24 hours
Displays a dismissible admin notice when a new version is available
Sends an Apprise notification (once per new version) when an update is detected
Links to the Releases page for manual download

The plugin does not auto-update itself — you must download and install new versions manually.

Plugin Architecture

apprise-notifications/
├── apprise-notifications.php   # Main plugin bootstrap
├── includes/
│   ├── class-apprise-client.php         # Apprise API client
│   ├── class-apprise-event-dispatcher.php # Central event dispatcher
│   ├── class-apprise-admin-settings.php  # Admin settings page
│   ├── class-apprise-email-suppressor.php # WordPress email suppression
│   ├── class-apprise-update-checker.php  # Gitea RSS update checker
│   ├── class-apprise-logger.php          # Secure logging
│   └── events/
│       ├── class-apprise-comment-events.php
│       ├── class-apprise-login-events.php
│       ├── class-apprise-user-events.php
│       ├── class-apprise-post-events.php
│       ├── class-apprise-plugin-events.php
│       └── class-apprise-core-events.php
├── assets/
│   ├── admin.css
│   └── admin.js
├── readme.txt
└── README.md

Developer Documentation

Filter Hooks

Modify Notifications Before Sending

add_filter( 'apprise_notifications_before_dispatch', function( $notification, $event_type, $context ) {
    // Add a prefix to all notification titles
    $notification['title'] = '[My Site] ' . $notification['title'];
    
    // Change notification type
    $notification['type'] = 'warning';
    
    // Cancel the notification by returning false
    if ( 'post_update' === $event_type ) {
        return false;
    }
    
    return $notification;
}, 10, 3 );

Add Custom Post Types

add_filter( 'apprise_notifications_supported_post_types', function( $types ) {
    $types[] = 'product';
    $types[] = 'event';
    return $types;
} );

Add Custom Event Types

add_filter( 'apprise_notifications_event_types', function( $types ) {
    $types['woocommerce_order'] = __( 'WooCommerce Order', 'my-plugin' );
    return $types;
} );

Privacy Controls

// Disable IP logging in notifications
add_filter( 'apprise_notifications_include_login_ip', '__return_false' );

// Anonymize IP addresses instead of disabling
add_filter( 'apprise_notifications_anonymize_ip', '__return_true' );

// Allow localhost for development
add_filter( 'apprise_notifications_allow_localhost', '__return_true' );

Action Hooks

Custom Log Handler

add_action( 'apprise_notifications_log', function( $level, $message, $context ) {
    // Send logs to your custom logging service
    my_custom_logger( $level, $message, $context );
}, 10, 3 );

Security Features

Input Validation: All inputs are sanitized using WordPress sanitization functions
Output Escaping: All outputs are escaped to prevent XSS
Nonce Verification: All admin actions use WordPress nonces
Capability Checks: Admin functions require manage_options capability
SSRF Protection: API URLs are validated to prevent server-side request forgery
Secure Logging: Sensitive data (API keys, passwords, tokens) is automatically redacted from logs
Non-Blocking Failures: Network errors never block WordPress execution