Read Only Mode \u2013 Telchar HiveLock freezes an already working site by restricting persistent WordPress actions while keeping the site online, browsable, and accessible to administrators.<\/p>\n\n
While freeze mode is enabled:<\/p>\n\n
This plugin is designed for already-finished sites that should stay online and readable without allowing routine changes, uploads, updates, or content edits until an administrator intentionally unfreezes the site again.<\/p>\n\n
It is not a maintenance mode plugin. Its purpose is to harden finished sites by reducing their WordPress-level attack surface and blocking persistent changes through standard WordPress write routes.<\/p>\n\n
Blocked surfaces include:<\/p>\n\n
This plugin aims to provide a practical WordPress-level freeze mode. It does not claim to provide absolute immutability, server-level filesystem protection, or protection against every possible vulnerability or every custom plugin write path.<\/p>\n\n\n
telchar-site-freeze<\/code> folder to the \/wp-content\/plugins\/<\/code> directory, or install the plugin through the WordPress admin area.<\/li>\n- Activate the plugin through the
Plugins<\/code> screen in WordPress.<\/li>\n- Open
Settings > Read Only Mode<\/code>.<\/li>\n- Enable freeze mode when you want to freeze the site.<\/li>\n<\/ol>\n\n\n
\nWhat does this plugin block?<\/h3><\/dt>\nIt blocks standard WordPress-level persistent changes such as content edits, taxonomy changes, user changes, settings changes, uploads, plugin and theme operations, and core write-style routes through REST, AJAX, and XML-RPC.<\/p><\/dd>\n
What still works while freeze mode is enabled?<\/h3><\/dt>\nFrontend page rendering, browsing, logout, administrator dashboard access, administrator login, and disabling freeze mode still work.<\/p><\/dd>\n
Can visitors still browse the website?<\/h3><\/dt>\nYes. The frontend remains available for normal browsing.<\/p><\/dd>\n
Can users still log in?<\/h3><\/dt>\nLogin is restricted to administrators only while freeze mode is enabled. Logging out continues to work.<\/p><\/dd>\n
Can administrators still access the dashboard?<\/h3><\/dt>\nYes. Administrators can still access the dashboard and disable the freeze from the plugin screen, but persistent write actions remain blocked until freeze mode is disabled.<\/p><\/dd>\n
How do I disable freeze mode?<\/h3><\/dt>\nOpen Settings > Read Only Mode<\/code> in the WordPress admin area and click the disable button.<\/p><\/dd>\nAre media uploads blocked?<\/h3><\/dt>\nYes. Uploading new media is blocked while freeze mode is enabled.<\/p><\/dd>\n
Are plugin and theme updates blocked?<\/h3><\/dt>\nYes. Installing, updating, deleting, activating, switching, and editing plugins or themes through normal WordPress routes are blocked while the freeze is enabled.<\/p><\/dd>\n
What happens if I forget the administrator password?<\/h3><\/dt>\nPassword changes and resets are blocked while freeze mode is enabled, so recovery may require manual intervention outside the plugin.<\/p><\/dd>\n
Are settings changes blocked?<\/h3><\/dt>\nYes. Persistent settings and option changes are blocked while freeze mode is enabled.<\/p><\/dd>\n
Are comments or content changes blocked?<\/h3><\/dt>\nYes. New comments, comment moderation changes, post edits, page edits, and similar content mutations are blocked.<\/p><\/dd>\n\n<\/dl>\n\n\n
1.0.12<\/h4>\n\n\n- Replaced the remaining admin action request helper with explicit local request inspection to reduce review ambiguity around passive mutation detection.<\/li>\n<\/ul>\n\n
1.0.11<\/h4>\n\n\n- Replaced generic request readers with explicit contextual request inspection and switched the post-toggle admin status notice to a controlled transient-based flow.<\/li>\n<\/ul>\n\n
1.0.10<\/h4>\n\n\n- Changed the main freeze toggle button to use site-focused labels instead of the plugin brand name, and updated translation catalogs accordingly.<\/li>\n<\/ul>\n\n
1.0.9<\/h4>\n\n\n- Added a warning encouraging site owners to verify site health before freezing, with a link to Telchar for security audits and related tools.<\/li>\n<\/ul>\n\n
1.0.8<\/h4>\n\n\n- Blocked
post.php?action=delete<\/code> so attachments cannot be permanently deleted from their detail screen during freeze. Returned core-compatible AJAX errors for blocked comment moderation actions so the admin UI shows a visible failure instead of behaving as if the action succeeded.<\/li>\n<\/ul>\n\n1.0.7<\/h4>\n\n\n- Allowed the minimum safe core AJAX actions needed for media and taxonomy browsing in wp-admin, and returned a visible error for blocked AJAX term creation instead of leaving the UI loading indefinitely.<\/li>\n<\/ul>\n\n
1.0.6<\/h4>\n\n\n- Blocked low-level comment creation paths that pass through
wp_new_comment()<\/code> preprocessing so comment writes are denied more consistently during freeze.<\/li>\n<\/ul>\n\n1.0.5<\/h4>\n\n\n- Removed the remaining Heartbeat AJAX exception so frozen sites no longer expose that write-capable route. Added low-level metadata, taxonomy relationship, and user table write blocking to reduce custom code bypasses.<\/li>\n<\/ul>\n\n
1.0.4<\/h4>\n\n\n- Fixed get_server_value() to use $_SERVER directly instead of filter_input(INPUT_SERVER), which returns null in PHP-FPM environments and silently disabled HTTP-method-dependent admin blocks.<\/li>\n<\/ul>\n\n
1.0.3<\/h4>\n\n\n- Renamed the plugin, removed manual translation loading, hardened request validation, added a persistent admin notice while frozen, and updated compatibility metadata.<\/li>\n<\/ul>\n\n
1.0.2<\/h4>\n\n\n- Closed admin-post.php write bypass. Blocked add_option and delete_option during freeze. Strengthened user capability checks. Fixed text inconsistencies in admin UI.<\/li>\n<\/ul>\n\n
1.0.1<\/h4>\n\n\n- Removed dead code in option allowlist. Session tokens are stored in user meta, not options, so the entry had no effect.<\/li>\n<\/ul>\n\n
1.0.0<\/h4>\n\n\n- Initial public release.<\/li>\n<\/ul>","raw_excerpt":"Put your WordPress site in read-only mode \u2014 block persistent changes while keeping the site browsable until an administrator disables the freeze.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/296753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=296753"}],"author":[{"embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/telchar"}],"wp:attachment":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=296753"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=296753"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=296753"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=296753"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=296753"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=296753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}