外掛說明
DecaRoy Site Helper is a minimal plugin that adds a single REST API
endpoint to read, write, and delete a Google Site Verification meta tag
that is then injected into the document <head> on every page.
The plugin is intended for sites managed programmatically by automation
tools that need to verify domain ownership in Google Search Console
without giving the automation tool FTP or filesystem access.
Features
- Single REST endpoint at
/wp-json/decaroy/v1/head-meta - GET — read current configuration
- POST — set the Google Site Verification token (validated against
Google’s expected format) - DELETE — remove the configured token
- Token is rendered as
<meta name="google-site-verification" ...>
in the <head> viawp_headaction - No tracking, no phone-home, no remote calls
- No database tables, no cron jobs
How it works
When a token is set via POST, it is stored in a single WordPress option
(decaroy_gsc_verification_token). On every page render, the plugin
hooks into wp_head and emits a meta tag with the token. Google can
then read that meta tag during the verification step, after which the
domain becomes available to the verifying account in Search Console.
Authentication uses standard WordPress capabilities: the requesting
user must have manage_options (typically administrators). Pair with
WordPress Application Passwords for headless authentication.
安裝方式
- Upload the plugin folder to
/wp-content/plugins/or install
directly through the WordPress plugins screen. - Activate the plugin through the Plugins screen in WordPress.
-
Use the REST endpoint to set a token:
POST /wp-json/decaroy/v1/head-meta
Content-Type: application/json
Body: {“gsc_verification_token”: “abcd…your-token…”}
常見問題集
-
Does this plugin track my visitors?
-
No. The plugin makes no remote calls and stores no data beyond the
single Google Site Verification token in WordPress options. -
Is the meta tag visible to anyone?
-
Yes. By design, Google Site Verification meta tags are visible in the
HTML source — that is how Google verifies them. The token itself is
not sensitive: knowing it does not grant any access. -
What capability does the REST endpoint require?
-
manage_options. Only administrators can read or write the token.
-
Currently the plugin handles only the
google-site-verificationmeta
tag. Future versions may add support for additional meta tags.
使用者評論
這個外掛目前沒有任何使用者評論。
參與者及開發者
變更記錄
1.0.2
- Corrected Contributors username in readme to match the actual
WordPress.org account that owns this plugin. No code changes.
1.0.1
- Removed Plugin URI (the plugin does not have a dedicated landing page).
Author URI points to the author’s site.
1.0.0
- Initial release.
- REST endpoint to manage Google Site Verification meta tag.
wp_headinjection of the configured tag.