siteground appears to have automatically installed and activated its new "AI Agent" plugin across a huge number of customer WordPress sites.
the plugin was released on april 28, 2026 and quickly reached 1 million+ active installs. largely because it was pushed automatically through siteground-managed WordPress installations.
the WordPress.org review page currently shows an average rating of 1.1/5, with 47 one-star reviews out of 48 total reviews.
Most of what the author discovered is real and technically correct, but it is also undocumented, unsupported, and risky to rely on.
GitHub has changed node ID internals before, quietly. If they add a field to the MessagePack array, switch encodings, encrypt payloads, introduce UUID-backed IDs..
every system relying on this will break instantly.
I fired up a 5$ Hetzner server, and then scanned 10k+ wordpress plugins for security issues, errors, warnings etc using .. it took around 5 days to complete..
Under the hood, it uses the official Plugin Check (via wp plugin check) and PHP_CodeSniffer with the WordPress standards, plus some extra checks for plugin repo requirements and performance. So its basically the plugin check but with a web interface. There are some false positives in the scan results but it gives an overall picture about a plugin.
the plugin was released on april 28, 2026 and quickly reached 1 million+ active installs. largely because it was pushed automatically through siteground-managed WordPress installations.
the WordPress.org review page currently shows an average rating of 1.1/5, with 47 one-star reviews out of 48 total reviews.
https://wordpress.org/support/plugin/sg-ai-studio/reviews/