### Interactive Program Notice Source: https://github.com/automattic/jetpack-protect-plugin/blob/trunk/jetpack_vendor/automattic/jetpack-account-protection/LICENSE.txt This notice should be displayed by interactive programs when they start, providing version information, copyright, warranty status, and instructions for redistribution. ```text Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. ``` -------------------------------- ### Get WAF Configuration via REST API Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Retrieve the complete WAF configuration and blocked-request statistics with this GET request. The response includes details on WAF support, current IP, enabled status, and configuration settings. ```bash curl -s -X GET \ "https://example.com/wp-json/jetpack-protect/v1/waf" \ -H "X-WP-Nonce: YOUR_NONCE_HERE" \ --cookie "wordpress_logged_in_HASH=YOUR_COOKIE" ``` -------------------------------- ### View GitHub PR Details with CLI Source: https://github.com/automattic/jetpack-protect-plugin/blob/trunk/jetpack_vendor/automattic/jetpack-my-jetpack/AGENTS.md Use the GitHub CLI to view pull request details, comments, and diffs. Ensure the GitHub CLI is installed and authenticated. ```bash gh pr view 44191 # View PR details and description ``` ```bash gh pr view 44191 --comments # View PR with all comments ``` ```bash gh pr diff 44191 # View the diff/changes ``` -------------------------------- ### Get Account Protection Settings via REST API Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Retrieve the current settings for account protection, including whether it's enabled and password strength enforcement details, using this GET request. ```bash curl -s -X GET \ "https://example.com/wp-json/jetpack-protect/v1/account-protection" \ -H "X-WP-Nonce: YOUR_NONCE_HERE" \ --cookie "wordpress_logged_in_HASH=YOUR_COOKIE" ``` -------------------------------- ### Standard Program Header Source: https://github.com/automattic/jetpack-protect-plugin/blob/trunk/jetpack_vendor/automattic/jetpack-account-protection/LICENSE.txt Include this header at the beginning of each source file to provide copyright information and a brief description of the program. It also points to the full license details. ```text Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, see . ``` -------------------------------- ### Initialize and Track Event with Pixel in JavaScript Source: https://github.com/automattic/jetpack-protect-plugin/blob/trunk/jetpack_vendor/automattic/jetpack-connection/TRACKING.md Initialize the analytics client with user data and record an event using the tracking pixel method. Ensure `varname.tracksUserData` is properly localized. ```JS var tracksUser = varname.tracksUserData; analytics.initialize( tracksUser.userid, tracksUser.username ); analytics.tracks.recordEvent( 'jetpack_my_event_name', { prop1: value1, prop2: value2 } ); ``` -------------------------------- ### Onboarding Progress Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Methods for tracking and updating user onboarding progress. `Onboarding::get_current_user_progress()` retrieves completed steps, while `Onboarding::complete_steps()` marks steps as completed. Includes REST API endpoints for progress management. ```APIDOC ## Onboarding Progress `Onboarding::complete_steps()` and `Onboarding::get_current_user_progress()` track which onboarding steps each admin user has completed. Progress is stored in user meta and used by the React UI to display the welcome flow. ```php use Automattic\Jetpack\Protect\Onboarding; // Get which onboarding steps the current user has completed: $progress = Onboarding::get_current_user_progress(); // Returns array of completed step IDs, e.g.: ['welcome', 'connect', 'scan'] // Mark steps as completed (idempotent — won't duplicate already-completed steps): $success = Onboarding::complete_steps( array( 'welcome', 'connect' ) ); // Returns true on success, false on failure. // Via REST API: // GET /wp-json/jetpack-protect/v1/onboarding-progress curl -s -X GET \ "https://example.com/wp-json/jetpack-protect/v1/onboarding-progress" \ -H "X-WP-Nonce: YOUR_NONCE_HERE" \ --cookie "wordpress_logged_in_HASH=YOUR_COOKIE" # Returns: ["welcome", "connect"] # Mark steps complete via REST: curl -s -X POST \ "https://example.com/wp-json/jetpack-protect/v1/onboarding-progress" \ -H "X-WP-Nonce: YOUR_NONCE_HERE" \ -H "Content-Type: application/json" \ -d '{"step_ids": ["welcome", "scan"]}' \ --cookie "wordpress_logged_in_HASH=YOUR_COOKIE" # Returns: "Onboarding step(s) completed." ``` ``` -------------------------------- ### Track User Event in PHP Source: https://github.com/automattic/jetpack-protect-plugin/blob/trunk/jetpack_vendor/automattic/jetpack-connection/TRACKING.md Record a user event on the backend using the `record_user_event` method. Requires an initialized Connection Manager and Tracking instance. ```PHP $connection_manager = new Automatticootstrapcdn Connection Manager( 'plugin-slug' ); $tracking = new Tracking( 'plugin-slug', $connection_manager ); $tracking->record_user_event( $event_name, array( 'property_key' => 'value', ) ); ``` -------------------------------- ### Get WAF Configuration Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Retrieves the complete Web Application Firewall (WAF) configuration, including its current state and statistics on blocked requests. ```APIDOC ## GET /wp-json/jetpack-protect/v1/waf ### Description Retrieves the current Web Application Firewall (WAF) configuration and statistics. ### Method GET ### Endpoint /wp-json/jetpack-protect/v1/waf ### Response #### Success Response (200) - **wafSupported** (boolean) - Whether WAF is supported. - **currentIp** (string) - The current IP address. - **isEnabled** (boolean) - Whether WAF is currently enabled. - **upgradeIsSeen** (boolean) - Indicates if an upgrade has been seen. - **displayUpgradeBadge** (boolean) - Whether to display an upgrade badge. - **config** (object) - WAF configuration settings. - **jetpack_waf_automatic_rules_enabled** (boolean) - **jetpack_waf_ip_allow_list** (string) - **jetpack_waf_ip_allow_list_enabled** (boolean) - **jetpack_waf_ip_block_list** (string) - **jetpack_waf_ip_block_list_enabled** (boolean) - **jetpack_waf_share_data** (boolean) - **standalone_mode** (boolean) - **automatic_rules_available** (boolean) - **brute_force_protection** (boolean) - **stats** (object) - Statistics about blocked requests. - **blockedRequests** (object) - **current_day** (integer) - **thirty_days** (integer) - **all_time** (integer) - **globalStats** (object) - Global statistics. - **threats_blocked** (integer) ### Response Example ```json { "wafSupported": true, "currentIp": "203.0.113.42", "isEnabled": true, "upgradeIsSeen": false, "displayUpgradeBadge": true, "config": { "jetpack_waf_automatic_rules_enabled": true, "jetpack_waf_ip_allow_list": "192.168.1.0/24", "jetpack_waf_ip_allow_list_enabled": true, "jetpack_waf_ip_block_list": "", "jetpack_waf_ip_block_list_enabled": false, "jetpack_waf_share_data": true, "standalone_mode": false, "automatic_rules_available": true, "brute_force_protection": true }, "stats": { "blockedRequests": { "current_day": 5, "thirty_days": 120, "all_time": 4800 } }, "globalStats": { "threats_blocked": 1500000 } } ``` ``` -------------------------------- ### PHP Product Status Constants Usage Source: https://github.com/automattic/jetpack-protect-plugin/blob/trunk/jetpack_vendor/automattic/jetpack-my-jetpack/AGENTS.md Illustrates the usage of product status constants defined in class-products.php. Emphasizes using these constants over magic strings for clarity and maintainability. ```php // Status constants are defined in class-products.php // Use Products::STATUS_* constants instead of magic strings // Common patterns: active, inactive, needs_plan, plugin_absent, etc. // Check class-products.php for current complete list ``` -------------------------------- ### Get Account Protection Settings Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Retrieves the current settings for the account protection module, including whether it is enabled and its password strength configuration. ```APIDOC ## GET /wp-json/jetpack-protect/v1/account-protection ### Description Retrieves the current settings for the account protection module. ### Method GET ### Endpoint /wp-json/jetpack-protect/v1/account-protection ### Response #### Success Response (200) - **enabled** (boolean) - Whether account protection is enabled. - **password_strength** (object) - Password strength settings. - **enabled** (boolean) - Whether password strength enforcement is enabled. - **minimum_strength** (integer) - The minimum required password strength level. ### Response Example ```json { "enabled": true, "password_strength": { "enabled": true, "minimum_strength": 3 } } ``` ``` -------------------------------- ### Get Site-Level WAF Blocked Requests Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Retrieves site-specific WAF blocking counts. Requires a paid plan for display. Ensure WAF is enabled before calling. ```php use Automattic\Jetpack\Waf\Waf_Stats; use Automattic\Jetpack\Waf\Waf_Runner; // Site-level blocked request counts (requires paid plan for display): if ( Waf_Runner::is_enabled() ) { $blocked = Waf_Stats::get_blocked_requests(); // [ // 'current_day' => 7, // blocked today // 'thirty_days' => 210, // blocked in last 30 days // 'all_time' => 5042, // total all-time blocks // ] printf( 'Blocked today: %d', $blocked['current_day'] ); } ``` -------------------------------- ### Check for Required Plan with Jetpack Protect Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Use Plan::has_required_plan() to determine if the site has an active Jetpack Scan or Security plan. Pass `true` to bypass the static cache and force a refresh from WPCOM. Plan::get_product() fetches pricing data for a specific product, with results cached in user_meta for 7 days. ```php use Automattic\Jetpack\Protect_Status\Plan; // Check if the site has a qualifying plan (uses static cache within the request): $has_paid_plan = Plan::has_required_plan(); if ( $has_paid_plan ) { // Paid features available: malware scan, history, fix threats, WAF stats. $scan_history = Scan_History::get_scan_history(); } else { // Free tier: vulnerability reports only (no malware scan, no history). echo 'Upgrade to Jetpack Scan for advanced protection.'; } // Force a plan refresh from WPCOM (bypasses static cache): $has_paid_plan = Plan::has_required_plan( true ); // Fetch pricing data for a specific product (used to display upgrade prompts): $scan_pricing = Plan::get_product( 'jetpack_scan' ); // Returns a product object from WPCOM public API, e.g.: // { "title": "Jetpack Scan", "currency": "USD", "full_price": 9.95, ... } // Result is cached in user_meta for 7 days. ``` -------------------------------- ### Initialize Jetpack Protect Plugin Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt This code bootstraps the Jetpack Protect plugin by setting up WordPress action hooks and initializing necessary Jetpack packages. It must be instantiated once at plugin load time. ```php if ( ! defined( 'ABSPATH' ) ) { exit( 0 ); } // Plugin registers itself on plugins_loaded via the main class constructor. // The constructor fires Jetpack Config to ensure all required packages are initialized: add_action( 'plugins_loaded', function () { $config = new Automattic\Jetpack\Config(); // Establish the Jetpack connection for this plugin. $config->ensure( 'connection', array( 'slug' => JETPACK_PROTECT_SLUG, // 'jetpack-protect' 'name' => JETPACK_PROTECT_NAME, // 'Jetpack Protect' 'url_info' => JETPACK_PROTECT_URI, // 'https://jetpack.com/jetpack-protect' ) ); // Sync selected data to WPCOM for vulnerability checks. $config->ensure( 'sync', array( 'jetpack_sync_modules' => array( 'Automattic\Jetpack\Sync\Modules\Options', 'Automattic\Jetpack\Sync\Modules\Callables', 'Automattic\Jetpack\Sync\Modules\Users', ), 'jetpack_sync_callable_whitelist' => array( 'get_plugins' => array( 'Automattic\Jetpack\Sync\Functions', 'get_plugins' ), 'get_themes' => array( 'Automattic\Jetpack\Sync\Functions', 'get_themes' ), 'wp_version' => array( 'Automattic\Jetpack\Sync\Functions', 'wp_version' ), ), 'jetpack_sync_options_whitelist' => array( 'active_plugins', 'stylesheet' ), ) ); // Enable WAF and Account Protection packages. $config->ensure( 'waf' ); $config->ensure( 'account_protection' ); $config->ensure( 'identity_crisis' ); }, 1 ); ``` -------------------------------- ### Check Fix Progress via REST API Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Retrieve the status of threat fixes using this GET request. Provide the IDs of the threats you want to check the progress for. ```bash curl -s -X GET \ "https://example.com/wp-json/jetpack-protect/v1/fix-threats-status?threat_ids[]=threat-id-1&threat_ids[]=threat-id-2" \ -H "X-WP-Nonce: YOUR_NONCE_HERE" \ --cookie "wordpress_logged_in_HASH=YOUR_COOKIE" ``` -------------------------------- ### Track and Complete Onboarding Steps with Jetpack Protect Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Onboarding::get_current_user_progress() retrieves completed onboarding step IDs for the current user. Onboarding::complete_steps() marks specified steps as completed. These functions are also accessible via REST API endpoints. ```php use Automattic\Jetpack\Protect\Onboarding; // Get which onboarding steps the current user has completed: $progress = Onboarding::get_current_user_progress(); // Returns array of completed step IDs, e.g.: ['welcome', 'connect', 'scan'] // Mark steps as completed (idempotent — won't duplicate already-completed steps): $success = Onboarding::complete_steps( array( 'welcome', 'connect' ) ); // Returns true on success, false on failure. // Via REST API: // GET /wp-json/jetpack-protect/v1/onboarding-progress curl -s -X GET \ "https://example.com/wp-json/jetpack-protect/v1/onboarding-progress" \ -H "X-WP-Nonce: YOUR_NONCE_HERE" \ --cookie "wordpress_logged_in_HASH=YOUR_COOKIE" # Returns: ["welcome", "connect"] # Mark steps complete via REST: curl -s -X POST \ "https://example.com/wp-json/jetpack-protect/v1/onboarding-progress" \ -H "X-WP-Nonce: YOUR_NONCE_HERE" \ -H "Content-Type: application/json" \ -d '{"step_ids": ["welcome", "scan"]}' \ --cookie "wordpress_logged_in_HASH=YOUR_COOKIE" # Returns: "Onboarding step(s) completed." ``` -------------------------------- ### Get Automatic Rules Last Updated Timestamp Source: https://context7.com/automattic/jetpack-protect-plugin/llms.txt Retrieves the timestamp of the last automatic WAF rules update. Returns a stored timestamp string or false if not updated. ```php use Automattic\Jetpack\Waf\Waf_Stats; // Timestamp of last automatic-rules update: $last_updated = Waf_Stats::get_automatic_rules_last_updated(); // Returns a stored timestamp string or false. ```