1.2.1 - WordPress.org review round 2 fixes

Round 2 review-compliance fixes.

• Fix: Plugin URI and front-end footer link now resolve (https://plugins.ettic.nl/opentrust); the previous URL returned 404.
• Change: custom post type slugs renamed from eotc_ to ettotc_, a 4+ char prefix that stays within WordPress's 20-char post_type limit (ettic_otc_certification would be 23). Export ZIPs from earlier builds remap to the new slugs automatically on import.
• Housekeeping: regenerated translation template; changelog and upgrade notice added.

Install ZIP attached below. CI and Semgrep green on main.

1.2.0 - Renamed to Open Trust Center by Ettic

First release under the new name Open Trust Center by Ettic. The plugin previously circulated as opentrust; this release retires that name due to a third-party trademark conflict and migrates every internal identifier off the trademarked term.

Changes

• Renamed to Open Trust Center by Ettic: new slug, text domain, and internal namespace. PHP classes are now Ettic_OTC_*, options under ettic_otc_*, postmeta under _ettic_otc_*, CPT slugs under eotc_*, CSS classes under .ettic-otc-*, REST namespace ettic-otc/v1.
• Migration chain removed: the v1.0.x to v1.1.x in-place DB migration is gone. This release is a fresh install; Import & Export is the supported migration path off any prior install.
• Importer back-compat: accepts export ZIPs from any prior opentrust version (v1.0.x or v1.1.x) with full data fidelity. Legacy postmeta keys (_ot_*, _opentrust_*) and CPT slugs (ot_*, opentr_*) are remapped to the new identifiers on read.

Also in this release

• Admin: "Settings" and "Docs" links on the Plugins row; Settings pinned first in the menu.
• Single policy view keeps the full navigation menu and Ask AI button.
• Questions-log CSV export no longer truncates at 100 rows.
• Hardened frontend JS DOM lookups.
• Realigned admin JS/CSS to the new namespace.

Upgrading from an opentrust install

Export your content and settings from the old plugin's Import & Export tab, deactivate and delete the old plugin, install Open Trust Center by Ettic, then import the ZIPs. There is no in-place upgrade path; the namespaces are intentionally disjoint.

Install

Download open-trust-center-by-ettic-1.2.0.zip below (not the auto-generated "Source code" archives) and upload it via Plugins > Add New > Upload Plugin.

1.1.1 - Identifier prefix cleanup & debug-log gating

A proactive hardening release that extends the 1.1.0 WordPress.org review work. No new features — every change is naming consistency, security hardening, or internal correctness.

What changed

• Short ot_ / _ot_ prefix removed from the rest of the plugin's identifiers. The round-1 wp.org review scoped the prefix finding to the custom post type slugs (fixed in 1.1.0 → opentr_*). This release extends the cleanup to every other shared/global identifier:
  • Postmeta keys — _ot_* → _opentrust_* (all ~44 plugin-owned keys)
  • Policy URL query variables — ot_policy_slug / ot_version → opentrust_*
  • Meta box IDs, admin list-table column IDs, and import/export form field names → opentrust_*
• Diagnostic error_log() calls are now gated behind WP_DEBUG via a single centralized helper, so production sites stay quiet while the failure detail is still available to developers debugging an install.
• Bundled translation template regenerated. Database schema version bumped to 5.

Database migration

An automatic, idempotent v4 → v5 migration rewrites existing postmeta to the new keys on the first load after upgrade — it runs once, retries safely if interrupted, and busts the relevant caches. Post content, meta values, revisions, version history, and WPML/Polylang translation links are all preserved, and existing trust-center URLs are unaffected.

Upgrade notes

• No manual action is required. A database backup before upgrading is recommended, as with any schema migration.
• If you maintain custom code that references the old _ot_* postmeta keys or the ot_policy_slug / ot_version query variables directly, update those references to the new _opentrust_* / opentrust_* names.
• Pre-1.1.1 export archives still import correctly — the importer transparently remaps the old keys.

Verification

All CI green (PHP lint 8.1–8.4, PHPStan, Semgrep, security scan, WordPress Plugin Check, POT freshness, version consistency). Reviewed by multiple independent audit passes — one migration-ordering bug (duplicate UUID rows on a v1→1.1.1 jump) was caught and fixed before release. Functionally tested on a clean WordPress install.

Full Changelog: 1.1.0...1.1.1

1.1.0 - WordPress.org review compliance

OpenTrust 1.1.0 implements every fix requested in round 1 of the WordPress.org plugin review. It ships no new features. Every change is compliance, security hardening, or internal correctness work, and the plugin is now ready for directory resubmission.

Compliance and hardening

• Custom post type prefix. The five custom post types were renamed from the ot_ prefix to opentr_ (opentr_policy, opentr_certification, opentr_subprocessor, opentr_data_practice, opentr_faq) to meet the WordPress.org four-character prefix rule. An automatic database migration rewrites existing content on the first load after upgrade. See "Upgrade notes" below. (#21)
• Output escaping. All output is now escaped at the point it is echoed, across the public trust center, the AI chat, and every admin screen. Every phpcs:ignore escape suppression has been removed. There is no visible change to rendered pages. (#19)
• Asset loading. Front-end and chat CSS and JavaScript are now registered and enqueued through the standard WordPress asset API with real file URLs instead of being inlined, so browsers can cache them between page loads. (#11)
• File uploads. Uploaded import archives are now processed through the standard wp_handle_upload() pipeline, which applies core MIME-type validation and the upload_mimes filter chain. (#17)
• Outbound HTTP. The AI chat streaming request now goes through the WordPress HTTP API (wp_safe_remote_post() with the documented http_api_curl hook) instead of a raw cURL call. Streaming, the Stop button, the host allowlist, and SSL verification are unchanged. (#15)
• Review solicitation. The review link in the admin footer and milestone notice now points to the plugin's neutral reviews page, and the five-star wording has been removed, in line with WordPress.org guidelines. (#9)

Fixes

• Removed an unused require of a WordPress core admin file from the import routine. (#13)

Upgrade notes

• This release ships a v3 to v4 database schema migration. On the first page load after upgrading, the plugin rewrites wp_posts.post_type for every existing policy, certification, subprocessor, data practice, and FAQ from the old ot_* slugs to the new opentr_* slugs.
• The migration is automatic, idempotent, and crash-safe. Post IDs, content, meta, revisions, policy version history, and WPML or Polylang translation links are all preserved.
• A database backup before upgrading is recommended, as with any schema migration.
• If you maintain custom code (theme snippets, companion plugins) that references the old ot_* post type slugs directly, update those references to the new opentr_* slugs. There is no compatibility shim.
• Content archives exported by OpenTrust 1.0.x still import correctly. The importer remaps legacy slugs automatically.

Install

Download opentrust-1.1.0.zip below and install it through Plugins, Add New, Upload Plugin, or extract it into wp-content/plugins/.

Full Changelog: 1.0.1...1.1.0

1.0.1 - fixed AI model selection

Fixes

• The active AI model could be silently cleared 24 hours after the provider's model-list cache expired, leaving chat disabled until the admin reopened settings and re-picked. (#5)

Improvements

• A daily cron now refreshes each stored provider's model list ahead of cache expiry, and a persisted display-name snapshot keeps the saved model rendered even if the provider deprecates the id.

Notes

• Settings export no longer includes per-site AI model fields (id, display name, recommended flag) — they are provider-paired and would carry stale labels to a destination site running a different provider.
• DB schema bumped 2 → 3 (back-fill on first admin load, no manual action needed).

Full Changelog: 1.0.0...1.0.1

1.0.0 — initial public release

First public release of OpenTrust — a self-hosted, open-source trust center plugin for WordPress.

Status: Submitted to WordPress.org; pending review. Once approved, install via WP Admin → Plugins → Add New → search "OpenTrust". Until then, download opentrust-1.0.0.zip below and upload it via WP Admin → Plugins → Add New → Upload Plugin.

Highlights

• 5 custom post types: policies, certifications, subprocessors, data practices, FAQ
• Auto-incrementing policy versions with archived revisions reachable at stable URLs (/trust-center/policy/{slug}/version/{n}/)
• Pre-filled catalogs: 200+ subprocessors, plus certifications and data practices
• Optional AI chat assistant (Anthropic, OpenAI, OpenRouter) with agentic retrieval, native citations, token budgets, and rate limits
• Theme-isolated rendering, libsodium-encrypted secrets, zero-PII logging, no telemetry
• WPML/Polylang compatible, Dutch starter translation
• GPL-2.0-or-later

Requires

• WordPress 6.0+
• PHP 8.1+

See README.md for local-dev setup and readme.txt for the WordPress.org-format listing and changelog.