Built for two live production databases
This plugin moves real content between real WordPress sites. That's not a background job you can afford to get wrong — here's exactly what stands between an attacker and your production database.
The threat model
Why this matters
A sync endpoint is, by design, something that writes to your production site on command. Left unauthenticated — or authenticated with something as weak as a shared secret sent over plain HTTP — it's an open door. Anyone who could see or guess a single request could replay it, forge one of their own, or brute-force their way in.
EZ Page Sync is built on the assumption that this endpoint will be targeted. Every request is cryptographically verified through several independent checks before anything is written.
Request lifecycle
How a sync request gets verified
1. The request gets signed
   HMAC-SHA256 covers the post ID, timestamp, nonce, and a hash of the full payload — nothing can be forged or tampered with in transit.
2. Replay gets checked
   A one-time nonce (10-minute TTL) and timestamp window reject any request that's reused or arrives stale.
3. The connection gets verified
   Plain HTTP is rejected outright — sync only happens over HTTPS.
4. The rate gets limited
   60 sync requests per hour per IP, enforced server-side, so a compromised credential can't be hammered.
5. The sender gets allowlisted (optional)
   A CIDR-notation IP allowlist with trusted-proxy support restricts which IPs can reach the endpoint at all.
Only once every one of those checks passes does a single byte touch your production database.
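As an added illustration (not EZ Page Sync's own code), the signing and replay checks in steps 1 and 2 could look like the PHP below. The field names, canonical string layout, in-memory nonce store and 300-second timestamp window are assumptions; only the signed fields and the 10-minute nonce TTL come from this page.

```php
<?php
// Added illustration, not the plugin's implementation. Field names, the
// canonical string layout and TS_WINDOW are assumptions made for this example.
const NONCE_TTL = 600; // 10-minute nonce TTL, as stated on the page
const TS_WINDOW = 300; // assumed value; keep it <= NONCE_TTL, otherwise a nonce
                       // could expire while its timestamp is still accepted

function sign_request(string $secret, int $postId, int $ts, string $nonce, string $body): string {
    // The MAC covers post ID, timestamp, nonce and a hash of the full payload.
    $canonical = implode("\n", [$postId, $ts, $nonce, hash('sha256', $body)]);
    return hash_hmac('sha256', $canonical, $secret);
}

function verify_request(string $secret, array $req, array &$seenNonces, int $now): string {
    if (abs($now - $req['ts']) > TS_WINDOW) {
        return 'stale_timestamp';
    }
    $expected = sign_request($secret, $req['post_id'], $req['ts'], $req['nonce'], $req['body']);
    // Constant-time comparison. The MAC is checked before the nonce store is
    // touched, so unauthenticated senders cannot fill it with junk entries.
    if (!hash_equals($expected, $req['sig'])) {
        return 'bad_signature';
    }
    // Drop expired nonces, then refuse any nonce that was already accepted.
    $seenNonces = array_filter($seenNonces, fn($expiry) => $expiry > $now);
    if (isset($seenNonces[$req['nonce']])) {
        return 'replayed_nonce';
    }
    $seenNonces[$req['nonce']] = $now + NONCE_TTL;
    return 'ok';
}

// Constructed sample request (all values are made up for this example).
$secret = 'constructed-demo-secret';
$now    = 1700000000;
$body   = json_encode(['post_id' => 42, 'title' => 'Hello', 'content' => '<p>Hi</p>']);
$nonce  = bin2hex(random_bytes(16));
$req    = ['post_id' => 42, 'ts' => $now, 'nonce' => $nonce, 'body' => $body];
$req['sig'] = sign_request($secret, 42, $now, $nonce, $body);

$seen = []; // nonce => expiry time; a real site would use persistent storage
echo verify_request($secret, $req, $seen, $now), "\n";          // first delivery
echo verify_request($secret, $req, $seen, $now + 5), "\n";      // identical request sent again
$tampered = $req;
$tampered['body'] = str_replace('Hello', 'Changed', $body);     // payload altered after signing
echo verify_request($secret, $tampered, $seen, $now + 5), "\n";
echo verify_request($secret, $req, $seen, $now + 900), "\n";    // delivered after the window
```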
If something still goes wrong
Verification stops bad requests — it doesn't guarantee every good request goes perfectly. That's why a snapshot is captured automatically before every sync, and the Rollback Manager can restore production in one click if a sync leaves things worse than it found them.
At a glance
The full picture
HMAC-SHA256 signed payloads
Every sync request is signed and verified before any data is written.
Replay-protected nonces
One-time nonces with a 10-minute TTL stop replayed requests cold.
IP whitelisting
CIDR-notation IP whitelist with trusted proxy support for reverse-proxied setups — included with any paid plan.
Rate limiting
60 sync requests per hour per IP, enforced server-side.
HTTPS enforced
Plain HTTP is rejected outside local debug environments.
Encrypted secrets at rest
The API secret key is stored with AES-256-GCM authenticated encryption.
"Sync traffic flows directly between your own two sites. There's no relay server, and no third party ever sees your content."
Need the exact numbers?
Nonce TTLs, timestamp windows, capability checks, and error codes all live in the full technical reference.
Try it on staging first.
Free covers unlimited single-destination sync, for good. See the security model in action before you touch production.