Title: AbilityGuard – Abilities API Monitor
Author: Kushang Tailor
Published: <strong>chulio 5, 2026</strong>
Last modified: chulio 5, 2026

---

Search plugins

![](https://s.w.org/plugins/geopattern-icon/ability-guard.svg)

# AbilityGuard – Abilities API Monitor

 By [Kushang Tailor](https://profiles.wordpress.org/kushang78/)

[Download](https://downloads.wordpress.org/plugin/ability-guard.1.0.0.zip)

 * [Details](https://arg.wordpress.org/plugins/ability-guard/#description)
 * [Reviews](https://arg.wordpress.org/plugins/ability-guard/#reviews)
 *  [Installation](https://arg.wordpress.org/plugins/ability-guard/#installation)
 * [Development](https://arg.wordpress.org/plugins/ability-guard/#developers)

 [Support](https://wordpress.org/support/plugin/ability-guard/)

## Description

AbilityGuard helps site administrators understand and audit what the WordPress Abilities
API exposes on their site.

The WordPress Abilities API gives plugins, themes, AI tools, automation workflows,
and other integrations a structured way to register and execute site capabilities.
That is powerful, but it also creates a new visibility problem: administrators need
to know which abilities are available, how those abilities are described, whether
they are exposed through REST, and what executions have happened recently.

AbilityGuard adds that visibility layer. It inventories registered abilities, highlights
risk-related annotations, and keeps a rolling execution log so you can review what
ran, who triggered it, how it was triggered, and what data was stored.

#### What problem does AbilityGuard solve?

Without an inventory or audit trail, administrators may not know:

 * Which abilities are registered by active plugins or integrations.
 * Whether an ability is marked as read-only, destructive, or idempotent.
 * Whether an ability is exposed through REST.
 * Which abilities executed recently.
 * Which user triggered an ability execution.
 * Whether input or output payloads were captured for review.

AbilityGuard is designed to answer those questions from the WordPress admin area.

#### Features

 * Ability Inventory: view registered WordPress abilities in one place.
 * Risk Badges: see risk labels derived from Abilities API annotations.
 * Annotation Visibility: review read-only, destructive, and idempotent metadata.
 * Category Details: see the official ability category and slug.
 * Namespace Details: inspect the ability namespace for easier troubleshooting.
 * REST Exposure: identify abilities marked for REST API exposure.
 * Schema Visibility: see whether input and output schemas are registered.
 * Current User Permission Check: see whether the current admin user can execute
   an ability with its default input.
 * Execution Log: review recent ability executions.
 * Log Details: inspect ability name, user, trigger context, status, input, and 
   output details.
 * Trigger Context: identify executions triggered through REST, WP-CLI, cron, or
   PHP.
 * User Links: jump from a log entry to the related WordPress user profile when 
   available.
 * Configurable Payload Logging: choose whether to store ability input and output
   data.
 * Privacy-Conscious Defaults: output logging is disabled by default.
 * Log Retention: keeps a rolling log of the latest 100 execution entries.
 * Uninstall Cleanup Option: optionally remove AbilityGuard data when uninstalling
   the plugin.

#### What AbilityGuard does not log

AbilityGuard monitors Abilities API registrations and executions. It does not replace
a general WordPress activity log plugin.

For example, AbilityGuard does not automatically log normal post edits, page updates,
media uploads, settings saves, WooCommerce activity, or user profile changes unless
those actions are performed through a registered WordPress ability.

#### Privacy and data storage

AbilityGuard stores logs in a custom database table in your WordPress database. 
Input logging can be enabled or disabled from the settings page. Output logging 
is available but disabled by default because ability responses may contain sensitive
or large data.

Before enabling output logging, review your site’s privacy and compliance requirements.

## Installation

 1. Upload the `ability-guard` folder to `/wp-content/plugins/`.
 2. Activate AbilityGuard from the Plugins screen.
 3. Open AbilityGuard in WP Admin.
 4. Review the Ability Inventory page.
 5. Open AbilityGuard > Settings to choose logging preferences.

## FAQ

### Does AbilityGuard require the Abilities API?

Yes. AbilityGuard requires the WordPress Abilities API and listens to native ability
execution hooks.

### Will AbilityGuard work on older WordPress versions?

No. AbilityGuard requires a WordPress version that includes the Abilities API.

### Does AbilityGuard log normal WordPress admin actions?

No. AbilityGuard logs Abilities API activity. It does not automatically log normal
admin actions such as editing a post, uploading media, changing settings, or activating
another plugin.

### When will a log entry appear?

A log entry appears when a registered ability is executed through the Abilities 
API and the native execution hooks fire.

### Why do I see abilities from AI plugins?

AI plugins and automation tools may register abilities so they can perform structured
tasks through WordPress. AbilityGuard inventories those abilities and logs executions
when they run.

### Is AbilityGuard the same as an AI request log?

No. AI request logs usually track provider requests, model names, token usage, and
AI response metadata. AbilityGuard tracks WordPress ability registrations and executions.
It focuses on site capability visibility and auditing.

### What does “risk” mean in the inventory?

Risk is derived from Abilities API annotations, such as whether an ability is read-
only, destructive, or idempotent. If an ability does not provide enough annotation
data, AbilityGuard marks the risk as unknown.

### Why are many abilities marked as “Unknown” risk?

Unknown means the registered ability did not provide enough annotation metadata 
for confident classification. It does not necessarily mean the ability is dangerous.

### What is the “Current User” column?

The Current User column checks whether the currently logged-in admin user can execute
the ability with its default input. It is a basic visibility signal, not a full 
role or policy audit.

### What does “REST” mean?

The REST column shows whether the ability metadata marks the ability as exposed 
through the REST API.

### What is the difference between Category and Namespace?

Category is official Abilities API metadata. Namespace is the first part of the 
ability name before the slash, such as `ai` in `ai/title-generation`.

### Why is source detection only shown in the detail view?

Source detection is best-effort and based on the ability namespace. It may match
a plugin name or only identify a namespace, so AbilityGuard keeps it in the detail
view instead of making it a primary table column.

### How many logs does AbilityGuard keep?

AbilityGuard keeps a rolling log of the latest 100 execution entries.

### Can I delete logs?

Yes. You can delete individual log entries or bulk delete entries from the Execution
Log page.

### Does AbilityGuard log ability input?

Input logging can be enabled or disabled in AbilityGuard > Settings.

### Does AbilityGuard log ability output?

Output logging is available but disabled by default because ability responses may
contain sensitive or large data.

### Where does AbilityGuard store logs?

AbilityGuard stores execution logs in a custom database table named with your WordPress
database prefix, followed by `ability_guard_logs`.

### Can AbilityGuard remove its data on uninstall?

Yes. Enable the uninstall cleanup setting before uninstalling if you want AbilityGuard
to remove its logs and settings.

### Does AbilityGuard send data to an external service?

No. AbilityGuard does not send logged ability data to an external service.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“AbilityGuard – Abilities API Monitor” is open source software. The following people
have contributed to this plugin.

Contributors

 *   [ Kushang Tailor ](https://profiles.wordpress.org/kushang78/)

[Translate “AbilityGuard – Abilities API Monitor” into your language.](https://translate.wordpress.org/projects/wp-plugins/ability-guard)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/ability-guard/), check
out the [SVN repository](https://plugins.svn.wordpress.org/ability-guard/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/ability-guard/) 
by [RSS](https://plugins.trac.wordpress.org/log/ability-guard/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.0

 * Initial release.
 * Added Ability Inventory for registered WordPress abilities.
 * Added risk badges based on Abilities API annotations.
 * Added category, namespace, REST exposure, permission, and schema visibility.
 * Added Execution Log with a rolling 100-entry retention limit.
 * Added detailed log view with user links, trigger context, input, and output sections.
 * Added settings for input logging, output logging, and uninstall cleanup.
 * Added custom database table for execution logs.
 * Added admin styles and directory index guards.

## Meta

 *  Version **1.0.0**
 *  Last updated **10 horas ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.9 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.2 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/ability-guard/)
 * Tags
 * [abilities-api](https://arg.wordpress.org/plugins/tags/abilities-api/)[AI](https://arg.wordpress.org/plugins/tags/ai/)
   [audit log](https://arg.wordpress.org/plugins/tags/audit-log/)[monitoring](https://arg.wordpress.org/plugins/tags/monitoring/)
   [security](https://arg.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://arg.wordpress.org/plugins/ability-guard/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/ability-guard/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/ability-guard/reviews/)

## Contributors

 *   [ Kushang Tailor ](https://profiles.wordpress.org/kushang78/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/ability-guard/)