Changelog

Release Notes

Every feature, every improvement, every fix since v1.0.0.

v2.7.0

Security Center — WAF Dashboard + File Integrity Monitor, Built-In

  • Security Center admin page — a single tabbed dashboard for WAF/login attempts, security events, and file integrity. Surfaces what was already running silently (Security::detectAttacks, login_attempts log, IntegrityGuard::maybeVerify) so you can actually see attacks happen. Replaces Wordfence Premium ($119/yr)
  • WAF tab — recent login attempts (last 30), top attackers by failed-login count (last 7d), blocked IPs table with manual block/unblock, one-click "Block this attacker" from the top-attackers list. KPIs at the top: failed logins (24h), unique IPs (7d), blocked count, FIM status
  • Security Events tab — parses logs/security.log (where Security::detectAttacks writes SQLi / XSS / path-traversal hits), displays timeline with IP, message and context. Up to 30 most recent events
  • File Integrity tab — install fingerprint display, VERIFIED/DRIFT status pill, last tamper report (formatted JSON), one-click "Scan Now" button that triggers IntegrityGuard::verifyManifest(). Includes a response-playbook card for what to do if drift is detected
  • Self-healing blocked_ips table — created automatically on first visit to the page. Idempotent: ON DUPLICATE KEY UPDATE preserves existing blocks. CSRF-protected admin operations throughout
  • Sidebar link — new "Security Center" entry directly below Backups in the admin nav. Shield icon. Standard active-state highlighting
Changed files (5)
native/admin/security-center.php New admin page (~500 lines): WAF tab + Events tab + FIM tab
native/admin/includes/sidebar.php Security Center link added (below Backups)
features.php Marketing grid: 10th card — Wordfence Premium $119/yr alternative
sites/*/admin/security-center.php Propagated to 15 sites
sites/*/admin/includes/sidebar.php Propagated to 15 sites
v2.6.0

Smart Backup — Scheduled Daily Backups, Built-In

  • Smart Backup scheduled cron — turn on daily auto-backups in the admin (Backups → Smart Backup Schedule card). Pick the hour (default 03:00, low-traffic window). Cron runs BackupManager::scheduledRun() which is idempotent (one backup per day, even if cron fires multiple times). Replaces UpdraftPlus Premium ($70/yr)
  • Retention policy — configurable 7-365 days. Auto-backups older than the cutoff are deleted automatically after the daily run. Manual backups are never auto-deleted. Storage stays bounded
  • Pure-PHP backups — no mysqldump dependency (Hostinger and shared hosts often disable it). Streaming row-by-row dump handles large post tables without exhausting memory. Output is a single ZIP with db.sql + uploads/ + manifest.json
  • External sync hint — the schedule card documents the recommended rclone pattern for syncing the backups/ folder to S3, Google Drive, or Dropbox. Native cloud SDK support is on the v2.6.x roadmap
Changed files (4)
native/classes/BackupManager.php scheduledRun() method added — hour + day guard, retention prune
native/cron.php BackupManager::scheduledRun() trigger on the cron tick (silent no-op by default)
native/admin/backups.php Smart Backup Schedule card: enable + hour + retention slider + CSRF-protected save
features.php Marketing grid: Smart Backup card — UpdraftPlus Premium $70/yr alternative
v2.5.0

Schema Studio — 13 Schema.org Types, Built-In

  • Schema Studio plugin family — 13 Schema.org types, all driven from the post editor with form-based UI. The full set: Article, BlogPosting, NewsArticle, TechArticle, ScholarlyArticle, Report, FAQPage, HowTo, Product, Event, Review, Course, Recipe (new), and LocalBusiness (new). Replaces Rank Math Pro's schema-builder module ($59/yr) — no subscription, no add-ons
  • Recipe schema — food bloggers can now ship Google Rich Recipe cards: prep/cook/total time (ISO 8601), yield, category, cuisine, calories, ingredient list, step-by-step instructions, aggregate rating. Drives 30-40% CTR uplift on recipe-intent queries
  • LocalBusiness schema — drives Google Maps + local-pack ranking. 18 business subtypes (Restaurant, Store, MedicalBusiness, Dentist, BeautySalon, TravelAgency, …). Full PostalAddress + GeoCoordinates + opening hours + price range + aggregate rating
  • CSV-style data entry — ingredients, instructions and opening-hours all accept one item per line in a textarea. No fragile JavaScript arrays, no clicking +/- buttons; copy-paste works directly from your notes
  • Schema preview + Google Rich Results Test link — the editor shows the live JSON-LD payload AND a one-click handoff to Google's validator. Zero guesswork
Changed files (5)
native/includes/helpers.php output_schema() — Recipe + LocalBusiness case blocks added (~120 lines)
native/admin/post-edit.php Recipe + LocalBusiness POST handler + UI form fields (CSV textarea pattern)
features.php Marketing grid: Schema Studio card — Rank Math Pro $59/yr alternative
sites/*/includes/helpers.php Propagated to 15 sites
sites/*/admin/post-edit.php Propagated to 15 sites
v2.4.0

ZeroTrack Analytics — Privacy-First, Cookie-Free, Built-In

  • ZeroTrack Analytics plugin — a built-in, privacy-first replacement for Google Analytics, Plausible and Matomo. Zero cookies. Visitor data never leaves your server. KVKK/GDPR-compliant by design: IP addresses are SHA-256 hashed with a daily-rotated salt, making cross-day correlation mathematically impossible. Auto-activated on install
  • Privacy dashboard in admin → ZeroTrack: page views, unique visitors, sessions, bounce rate, daily trend chart, top pages, referrers, countries, devices, UTM sources. Date range selector (today / 7d / 30d / 90d)
  • Smart filtering out of the box — respects browsers' Do-Not-Track header; excludes logged-in admins; filters Googlebot, GPTBot, ClaudeBot, headless Chrome and 20+ other automation user-agents; configurable IP and path exclusions
  • Reverse-proxy aware — picks up the real visitor IP behind Cloudflare and LiteSpeed (no double-counting your CDN). Country detection via Cloudflare CF-IPCountry header — no third-party GeoIP database needed
  • Self-cleaning — raw pageview rows are deleted after a configurable retention window (default 90 days). Daily aggregates are kept forever for long-term trend analysis with tiny storage footprint
Changed files (7)
native/plugins/zerotrack/plugin.php Plugin manifest + bootstrap
native/plugins/zerotrack/ZeroTrackPlugin.php Tracker beacon endpoint, UA parser, salt rotation, daily aggregator, retention cleanup
native/plugins/zerotrack/activate.php DB schema: zt_pageviews, zt_aggregates_daily, zt_settings
native/plugins/zerotrack/admin/index.php Privacy dashboard — KPIs, trend chart, top tables
native/plugins/zerotrack/admin/settings.php Settings UI: master switch, DNT, exclusions, retention
features.php Marketing grid — ZeroTrack vs Plausible $9/mo
sites/*/plugins/zerotrack/ Propagated to all 15 sites + _template
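
The daily-rotated salt described in the ZeroTrack entry above, as an added example that is not the plugin's own code. The example_* function names and the JSON salt-file layout are assumptions; it shows why rotation has to overwrite the previous salt rather than keep it.

```php
<?php
declare(strict_types=1);
// Added example; example_* names and the salt-file layout are assumptions.

/** Return the salt for $today, replacing the stored one when its date is stale. */
function example_daily_salt(string $saltFile, string $today): string
{
    $fh = fopen($saltFile, 'c+'); // create if missing, never truncate on open
    if ($fh === false) {
        throw new RuntimeException('cannot open salt file');
    }
    chmod($saltFile, 0600);
    flock($fh, LOCK_EX); // concurrent beacon requests must agree on one salt
    $state = json_decode((string) stream_get_contents($fh), true);
    if (!is_array($state) || ($state['date'] ?? '') !== $today) {
        // Overwrite in place: yesterday's salt is destroyed, not archived,
        // so yesterday's hashes can no longer be recomputed from an IP.
        $state = ['date' => $today, 'salt' => bin2hex(random_bytes(32))];
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($state));
        fflush($fh);
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $state['salt'];
}

/** SHA-256 over salt and IP; only this digest is stored with the page view. */
function example_visitor_hash(string $ip, string $salt): string
{
    return hash('sha256', $salt . '|' . $ip);
}

// Constructed demo: one documentation-range IP seen twice on day 1 and once on day 2.
$file  = tempnam(sys_get_temp_dir(), 'zt_');
$ip    = '203.0.113.10';
$day1a = example_visitor_hash($ip, example_daily_salt($file, '2025-01-01'));
$day1b = example_visitor_hash($ip, example_daily_salt($file, '2025-01-01'));
$day2  = example_visitor_hash($ip, example_daily_salt($file, '2025-01-02'));
unlink($file);

echo 'same day, same visitor id: ', var_export($day1a === $day1b, true), "\n";
echo 'next day, same visitor id: ', var_export($day1a === $day2, true), "\n";
```

The unlinkability rests on the old salt being unrecoverable: anyone holding a day's salt can enumerate the IPv4 space against that day's hashes. Treat the salt file like a credential and keep it out of backups and logs.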
v2.3.18

Sharper Homepage Hero — A Concrete Hook

Changed files (1)
marketing-includes/header.php hero_title + hero_subtitle (EN/TR) concrete hook
v2.3.17

Newsletter Email: Branded Dark Header

Changed files (2)
plugins/newsletter/data/default-templates.php dark branded header band + bgcolor hardening (native + root + 15 sites)
plugins/newsletter/NewsletterPlugin.php SCHEMA_VERSION 2.5.0 → 2.6.0
v2.3.16

Redesigned Newsletter Email Templates

Changed files (2)
plugins/newsletter/data/default-templates.php new professional English email design (native + root + 15 sites)
plugins/newsletter/NewsletterPlugin.php SCHEMA_VERSION 2.4.0 → 2.5.0 (triggers automatic re-seed)
v2.3.15

Blog Editor: Featured Post & Empty-Content Fix

  • Blog post editor opened empty for the featured post — the editor treated ?id=0 (the featured post, which carries id 0) as "new post" because of an id > 0 check, so it never loaded it. It now loads any post when an id is present (0 included); a truly new post is one with no id parameter. Additionally, if a row's body is empty (legacy posts whose content lived only in the static blog data file), the editor pre-fills the form from that source by slug/id for review — saving persists it into the database (display-only, non-destructive, never overwrites existing edits)
Changed files (1)
admin/blog-post-edit.php id=0 editing + blog-data.php empty-content pre-fill (jekcms.com root)
v2.3.14

Plugin System Restored on the Main Install (Newsletter Now Lists)

  • Newsletter (and all plugins) now appear in the plugin manager — the main install's bootstrap (cloned long ago from an older codebase) was entirely missing the plugin-loader block, so the plugin registrar never ran and no plugin could register itself. The block was restored, identical to the canonical source; the registrar now runs (with the self-healing plugin-table schema), so Newsletter registers automatically and is listed/activatable
Changed files (1)
includes/bootstrap.php missing plugin-loader block restored, identical to native (jekcms.com root)
v2.3.13

Marketing Blog Editor Now Reachable in Admin

  • Blog posts are editable again — the bilingual marketing blog (the EN/TR posts shown on jekcms.com/blog) has its own admin editor that reads the same table the public blog uses, but it had no link in the admin menu, so it looked like the posts weren't manageable (the CMS Posts page only lists the separate site-content table). A "Blog Posts (jekcms.com)" entry was added to the admin sidebar — the existing posts are now listed and editable
Changed files (2)
admin/includes/sidebar.php Marketing Blog (blog-posts.php) nav link — jekcms.com root admin
config/translations/{tr,en}.php admin_nav_marketing_blog key (raw-key regression prevented)
v2.3.12

Wizard Network Error, Profiles & Plugin Registration Fixed

  • "Network error" on Generate fixed — the JSON wizard endpoint (admin/ajax/assistant-json.php) existed only on two installs; it now exists on every site, so Generate works everywhere, not just compass
  • Plugins now register on cloned installs — on installs cloned from an older database the plugins table could be missing newer columns, which made plugin registration fail silently — so the Newsletter plugin never appeared in the plugin manager. The scanner now self-heals the table schema, so Newsletter (and any new plugin) registers and is visible/activatable
Changed files (3)
includes/plugin_hooks.php plugins table schema self-heal (native + root + 15 sites)
classes/ImportSchema.php profiles() + themeProfile() extended
admin/ajax/assistant-json.php propagated to root + all sites
v2.3.11

Root Admin Fixes — Content Fixer, Newsletter Link, Wizard Keys

  • Content Fixer 404 fixed — the SEO Optimizer's Content/Heading Fixer page existed in the canonical source but was missing from the main install's admin, returning 404. It is now present
  • Newsletter admin link corrected — the Newsletter plugin manifest pointed its admin page to a non-existent path; corrected fleet-wide so the dashboard opens from the plugin manager (the sidebar entry still requires the plugin to be activated)
  • Wizard keys fixed on the main site too — the previous translation-key parity fix covered demo sites but missed the main install; cq_assistant_* keys are now mirrored there as well, so the JSON Generation Wizard no longer shows raw keys
Changed files (3)
admin/content-fixer.php added to the root install (from native)
plugins/newsletter/plugin.php Admin Page path corrected — native + root + 15 sites
config/translations/{tr,en}.php + lang/{tr,en}/general.php (root) cq_assistant_* parity with native
v2.3.10

Content Queue Wizard — Raw Keys Fixed on All Sites

  • JSON Generation Wizard now reads properly on every site — the content-queue assistant translation keys (cq_assistant_*) existed only on a couple of sites, so other sites showed raw keys like "cq_assistant_title" instead of labels. All sites now carry the full key set, mirrored byte-for-byte from the canonical source
Changed files (1)
sites/*/config/translations/{tr,en}.php + lang/{tr,en}/general.php cq_assistant_* parity with native (15 sites × 4 files), count equality verified with grep-assert
v2.3.9

Newsletter Signup Live on the Marketing Site

  • Newsletter subscription now works on jekcms.com — the footer "Subscribe" form was built but silently failed when the subscriber table did not exist. The handler now self-creates the table (idempotent, identical schema to the Newsletter plugin, so the plugin admin reads the same subscribers). Homepage stat figures also unified site-wide
Changed files (2)
marketing-includes/ajax/newsletter-handler.php idempotent self-bootstrap (newsletter_subscribers, identical to the plugin schema)
index.php / about.php / functions.php stat 500+ → 100+ consistent, 14→14+, 24/7 lang-aware
v2.3.8

Sub-Page SEO Audit — Documentation Title Fixed

Changed files (1)
docs.php SEO title branded + keyword-rich (visible UI unaffected)
v2.3.7

Accurate WordPress-Alternative Page (Verified Features Only)

  • Removed an inaccurate capability claim — a "multi-site / fleet management" line was wrongly added to the comparison page, structured data and llms.txt. jekcms has no such product feature; it has been removed everywhere and replaced with verified, real capabilities only
Changed files (2)
wordpress-alternative.php rewritten with verified features (multi-site removed)
header.php + llms.txt fabricated feature removed, replaced with real capabilities
v2.3.6

No Orphan Pages — Full Internal Linking

  • No orphan pages — every public marketing page is now reachable via the footer + sitemap + clean URL with EN/TR variants. The "Report Piracy" page was orphaned (no link anywhere) and is now footer-linked and crawlable; the WordPress-alternative page was already footer-linked (verified)
Changed files (2)
marketing-includes/footer.php report-piracy added to the Legal section
functions.php + .htaccess + sitemap.php report-piracy slug map + TR slug + clean-URL allowlist + sitemap
v2.3.5

AI-Search Visibility & WordPress-Alternative Positioning

  • WordPress Alternative comparison page — a new, honest /wordpress-alternative (TR: /tr/wordpress-alternatifi) page with a factual jekcms-vs-WordPress table and FAQ (FAQPage structured data), sitemap + hreflang + footer-linked
  • llms.txt — a machine-readable summary at /llms.txt so AI assistants can accurately describe jekcms as a self-hosted CMS / WordPress alternative
Changed files (3)
.htaccess AI bot 403 removed (SEO scrapers stay blocked); wordpress-alternative clean URL + TR slug
robots-txt.php GPTBot/OAI/Claude/Perplexity/Google-Extended… explicit Allow groups + llms.txt reference
llms.txt + wordpress-alternative.php NEW; header.php SoftwareApplication=CMS + meta; sitemap + footer + slug map
v2.3.4

Marketing-Site SEO Hardening

Changed files (1)
.htaccess www→non-www+https in a single hop; .php→clean URL 301 (allowlist, THE_REQUEST guard, before static-serve)
v2.3.3

Article Rendering & Internal-Link Integrity Fixes

  • Broken internal links repaired at the source — The auto internal linker could run over raw Markdown and inject a link inside a Markdown link, which the renderer then turned into corrupted, half-visible anchor markup. Markdown links/images are now protected, so internal linking can never mangle content again. The link cleaner was also hardened to fully remove any pre-existing corrupted/leaked link debris — re-running the internal-link scan on an affected site now self-heals old content
  • Checklists render properly — Markdown task lists (- [ ] / - [x]) now show real checkbox glyphs instead of literal "[ ]" text
  • Tables are styled — Markdown tables in articles now render with borders, padding and header styling instead of columns running together
  • No more double bullets — list items showed both a default bullet and a custom marker; the duplicate is gone
  • Related posts fixed — the related section rendered twice, once as full-width stacked images; the broken duplicate was removed, leaving the clean card grid
  • Featured image aspect ratio — single-post cover images now use a proper 16:9 frame instead of a cropped near-square
  • Table of contents shows accented characters correctly — the on-page contents list double-escaped HTML entities, showing things like "Güncel" instead of "Güncel"; titles are now decoded before display (anchors stay in sync)
  • Front-end fixes now go live immediately — deploys purge the page cache, so a fix is no longer masked by up-to-5-minutes of stale cached HTML
Changed files (4)
includes/auto-linker.php markdown link/image placeholder protection (root cause of nested anchors)
includes/helpers.php parse_markdown GFM task-list ([ ]/[x] → checkbox glyph)
themes/travel (subpages.css, single.php) table CSS + double-bullet list-style:none + broken duplicate related block removed
themes/health (single-v2.css) .h-single__cover 4/3 → 16/9 (native + relevant sites)
v2.3.2

JSON Wizard Rename & Calendar Visibility Fix

  • Content calendar fixed — schedule is visible again — On some installs the whole calendar silently came back empty: the underlying query referenced a column that older content-queue tables never had, so it failed and showed nothing. The query is now schema-independent and self-healing, and the month view also shows every scheduled item regardless of its state (draft / approved / in-progress / done), colour-coded by status
  • Calendar hover preview used the wrong image field in one branch — corrected
Changed files (2)
admin/content-queue.php calendar status filter widened (all items with a scheduled_date) + image-field branch bug
lang/*/general.php, config/translations/* cq_assistant_title → JSON Oluşturma Sihirbazı / JSON Generation Wizard
v2.3.1

Cleaner Content Queue Import Screen

Changed files (1)
admin/content-queue.php import tab: section spacing (gap) + static format boxes removed — native + _template + 14 sites synced
v2.3.0

Reliability, Security & Always-On Delivery

  • Two-Factor Authentication (TOTP) — Modern QR setup card in every site's Security settings. Scan with Google Authenticator / Authy / 1Password; self-hosted QR (no third party), with a manual key fallback. Login enforcement is fail-open by design — a 2FA glitch can never lock you out
  • Zero-downtime auto-deploy — Updates now ship to the whole fleet automatically within minutes of a change, over HTTPS, with a post-deploy health check. No manual uploads, no SSH, no lockouts
  • Site name in Google results — A long-standing settings storage issue made search engines fall back to the bare domain. Now every site shows its real configured name in titles, social cards and structured data — fleet-verified
  • Stay signed in — Admin sessions no longer drop unexpectedly; they persist until you explicitly sign out (root cause: server session garbage-collection wasn't aligned with the configured lifetime)
  • Footer & branding — Footer renders reliably and is driven from a single source in General Settings (slogan / footer text), bilingual (TR/EN) where applicable; placeholder/demo remnants removed
Changed files (5)
includes/Totp.php / QrSvg.php NEW — self-hosted TOTP + QR (SVG)
deploy/deploy-all.sh NEW — server-side ban-proof auto-deploy + smoke test
includes/Session.php gc_maxlifetime fix (session persistence)
admin/settings.php modern 2FA card + settings persistence (SERP) fix
marketing-includes/footer.php bulletproof footer
v2.2.0

Two-Factor Auth, Smart Newsletter & Customer Update Channel

  • Admin two-factor authentication (TOTP) — Optional time-based 2FA with QR enrollment, enabled/disabled per account from Security settings; compatible with any authenticator app
  • Smart newsletter digests — The subscription plugin can now send an automated weekly or monthly roundup of new posts (frequency off/weekly/monthly + day-of-month), reliably driven server-side via cron with per-period de-duplication
  • Customer self-update channel — End-to-end signed update delivery: the update manifest is verified with an embedded public key so verification works on every install, SHA-256 is mandatory, and a one-command release packager builds a clean core package with a key-pair safety gate that refuses a mis-signed release
  • Critical SEO: archive pages no longer soft-404 — On the Tech & Minimalist themes every category/author archive returned a hard 404 (the template read a routing key that was never set); these pages now resolve correctly and author archives are fully supported
  • API write authorization — An authenticated low-privilege token can no longer create/modify/delete content or touch another author's posts; role + ownership are enforced from the product's own capability model
  • Sitemap/robots resilience — Security user-agent heuristics could return 403 to Googlebot/Search Console for sitemap*.xml/robots.txt; these endpoints now bypass every blocking rule so indexing is never accidentally lost
  • Footer social links — The marketing footer now renders only the accounts configured in General Settings → Social Media (placeholder/demo links removed)
Changed files (9)
native/includes/Totp.php NEW — RFC6238 TOTP
native/admin/login.php 2FA two-step flow
native/plugins/newsletter/classes/WeeklyDigest.php weekly + monthly dispatch
native/themes/{tech,minimalist}/templates/archive.php archive_slug + author branch
native/api/v1/index.php authorizeWrite() role/ownership
native/.htaccess sitemap/robots security bypass
native/classes/Updater.php embedded public key + managed guard
tools/release.php NEW — release packager + key self-verification
marketing-includes/header.php schema name i18n
v2.1.3

Security Hardening & Update Integrity

  • Critical: SSRF blocked — Server-side image fetch (media-from-URL) now allows only http/https public hosts; private/loopback/link-local and cloud-metadata addresses are rejected, redirects disabled, size-capped
  • High: Markdown XSS blocked — Link/image URLs in content are scheme-allowlisted; javascript:, data:, vbscript: and protocol-relative URLs can no longer reach href/src
  • High: Cross-site request hardening — State-changing requests now also enforce same-origin (Origin/Referer) on top of the CSRF token, covering all admin action pages at once
  • SVG upload XSS blocked — Uploaded SVGs containing scripts, event handlers, foreignObject, external refs or XML entities (XXE) are rejected; static SVGs still allowed
  • Update integrity mandatory — Updates without a verified SHA-256 are refused; manual ZIP apply is off by default unless the official hash is provided; developer-license localhost detection now requires a real loopback connection (Host-header spoof closed)
Changed files (8)
api/v1/index.php validateRemoteUrl() SSRF guard
includes/helpers.php parse_markdown URL scheme allowlist
includes/Security.php CSRF same-origin + SVG denylist
classes/Updater.php mandatory sha256 (hash_equals)
admin/updates.php manual ZIP off by default + sha256 gate
classes/License.php isLocalhost loopback peer required
tools/check-drift.php NEW — standardization drift audit
STANDARDIZATION.md NEW — propagation/governance model
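
The SSRF rules listed for v2.1.3 (http/https only, public addresses only, redirects disabled, size cap), as an added example that is not the CMS's validateRemoteUrl(). All example_* names, the blocked-network list and the 5 MB cap are assumptions; it needs PHP 7.4+ with the curl extension, and it also pins the connection to the address that was checked so a second DNS answer cannot differ from the vetted one.

```php
<?php
declare(strict_types=1);
// Added example; every example_* name is hypothetical, not the CMS's own code.
const EXAMPLE_BLOCKED_NETS = [
    '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8',
    '169.254.0.0/16', // link-local, which includes the 169.254.169.254 metadata address
    '172.16.0.0/12', '192.168.0.0/16', '224.0.0.0/4', '240.0.0.0/4',
    '::/128', '::1/128', '::ffff:0:0/96', 'fc00::/7', 'fe80::/10', 'ff00::/8',
];

function example_ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipBin  = inet_pton($ip);
    $netBin = inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // different address families never match
    }
    $full = intdiv((int) $bits, 8); // whole bytes covered by the prefix
    $rem  = (int) $bits % 8;        // leftover bits in the following byte
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return substr($ipBin, 0, $full) === substr($netBin, 0, $full)
        && ($rem === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask));
}

function example_is_public_ip(string $ip): bool
{
    foreach (EXAMPLE_BLOCKED_NETS as $cidr) {
        if (example_ip_in_cidr($ip, $cidr)) {
            return false;
        }
    }
    return true;
}

/** Returns host, port and the vetted IP; throws if any check fails. */
function example_validate_remote_url(string $url): array
{
    $p = parse_url($url);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        throw new InvalidArgumentException('malformed URL');
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true) || isset($p['user']) || isset($p['pass'])) {
        throw new InvalidArgumentException('scheme or userinfo not allowed');
    }
    $host = trim($p['host'], '[]'); // parse_url keeps the brackets on IPv6 literals
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false
        ? [$host]
        : array_map(fn($r) => $r['ip'] ?? $r['ipv6'], @dns_get_record($host, DNS_A | DNS_AAAA) ?: []);
    if ($ips === []) {
        throw new InvalidArgumentException('host did not resolve'); // fail closed
    }
    foreach ($ips as $ip) { // every record must be public, not just the first
        if (!example_is_public_ip($ip)) {
            throw new InvalidArgumentException("non-public address: $ip");
        }
    }
    return ['host' => $host, 'port' => $port, 'ip' => $ips[0]];
}

function example_fetch_image(string $url, int $maxBytes = 5 * 1024 * 1024): string
{
    $t = example_validate_remote_url($url);
    $body = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false, // a redirect could point back inside
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_WRITEFUNCTION  => function ($ch, string $chunk) use (&$body, $maxBytes): int {
            if (strlen($body) + strlen($chunk) > $maxBytes) {
                return 0; // short write aborts the transfer: size cap
            }
            $body .= $chunk;
            return strlen($chunk);
        },
    ]);
    if ($t['host'] !== $t['ip']) { // pin the connection to the address that was vetted
        curl_setopt($ch, CURLOPT_RESOLVE, ["{$t['host']}:{$t['port']}:{$t['ip']}"]);
    }
    if (curl_exec($ch) === false || curl_getinfo($ch, CURLINFO_RESPONSE_CODE) !== 200) {
        throw new RuntimeException('fetch failed or size cap exceeded');
    }
    return $body;
}

// Constructed inputs with literal IPs, so validation runs offline.
// 203.0.113.10 is a documentation address standing in for a public host.
foreach (['https://203.0.113.10/a.png', 'http://127.0.0.1/a.png', 'http://10.0.0.5/a.png',
          'http://169.254.169.254/a.png', 'http://[::1]/a.png', 'ftp://203.0.113.10/a.png'] as $u) {
    try {
        example_validate_remote_url($u);
        echo "accept  $u\n";
    } catch (InvalidArgumentException $e) {
        echo "reject  $u ({$e->getMessage()})\n";
    }
}
```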
v2.1.2

Core Web Vitals: Responsive Images, LCP & Caching

Changed files (5)
includes/helpers.php jek_img_optimize() global filter + instant-search async
index.php ob_start('jek_img_optimize') (frontend only)
classes/Media.php regenerateVariants() — backfill of missing size variants
cron.php image variant backfill (gentle, cursor-based, idempotent)
themes/travel/* picture()/LCP + conditional critical CSS
v2.1.1

Clean Content Rendering: Markdown, Code Blocks & Encoding

  • Critical: Raw Markdown Headings — When a post mixed HTML with Markdown (the normal output of AI/automation), ## / ### headings, fenced code blocks and lists were printed literally instead of being rendered. The Markdown engine was rewritten so block elements are converted even alongside HTML
  • Critical: Shell Commands Became Headings — Code (fenced ``` / ~~~, inline, and existing <pre>) is now protected before any heading parsing, so # shell comments and #!/bin/bash lines are never mistaken for titles
  • Legacy Linux Articles Repaired — WordPress-imported command blocks that had broken apart (<pre>…</p><p>…</pre>) were rejoined into clean multi-line code blocks
  • Critical: Turkish Text Corruption (Mojibake) — Some automated content arrived double-encoded (Turkish letters shown as CJK glyphs, e.g. "Çikolata" → "脟ikolata"). The API now repairs every inbound write path automatically (self-validating, no false positives), and a fleet tool cleans existing content across all sites
Changed files (5)
includes/helpers.php parse_markdown() v2 — protect code first, headings also within HTML content
api/v1/index.php fixMojibake() hardened + demojibakeDeep() (all write paths)
marketing-assets/css/main.css .nl-band site tokens + pill
tools/fix-mojibake-all.php NEW — 15-site fleet mojibake repair
tools/fix-celil-pre.php NEW — celil <pre> command-block repair
v2.1.0

Reliable Theme Switching, 17 Auto-Publish Networks & Full-Width Admin

  • Regional & Fediverse Auto-Publish — Eight new networks join the social automation engine: Pixelfed, Misskey/Sharkey, WriteFreely, Micro.blog and Lemmy (token/instance), VK (OAuth2), plus Hatena Bookmark and Plurk (OAuth1). Every connected account receives new posts automatically with per-platform pacing and back-off
  • Honest Capability Notes — Networks without a safe, official publishing API (Xing, Naver, Nostr) are now clearly labelled with the reason instead of silently failing — no fake connectors
  • Critical: Theme Switching Failed — Because settings.key is uniquely indexed, the old "UPDATE then INSERT-if-zero-rows" path threw a duplicate-key error whenever the value was unchanged (re-activating a theme, or the automatic previous-theme snapshot on every switch). The activation aborted with a database error and the theme never changed. Theme writes are now a single-row upsert (delete + insert) that also self-heals any pre-existing duplicate/stray rows. Active-theme reads are deterministic (canonical group, newest row) so the front-end always reflects the chosen theme
Changed files (4)
admin/themes.php setThemeSettingRow() singleton upsert; all write points
includes/helpers.php get_active_theme() deterministic query
plugins/jek-social/classes/adapters/* Pixelfed/Misskey/WriteFreely/Microblog/Lemmy/Vk/Hatena/Plurk
admin/plugins/jek-social/connections.php .js-wrap full width + new platform forms
v2.0.1

Smart Next-Gen CMS — Admin UI Overhaul, Bulletproof Slugs & Autosave

  • New Admin Design Language — Unified badge system (5 pill variants: success/danger/warning/info/neutral), stat-card-v2 with colored backgrounds + decorative SVG, quick-action outline buttons, state-block for empty/error states
  • Language Toggle — TR/EN switcher in admin header with session-based override ($_SESSION[admin_lang_override]), persists across navigation
  • Draft Autosave — Post editor saves every 30s + localStorage offline fallback. Status pill bottom-right: "Saving…" / "Saved · 15:42" / "Offline". Restore prompt on reopen if unsaved changes found
  • Anonymous Preview — preview.php?token=XXX with 48-hex-char secret tokens stored in post_meta. Click "Preview Link" button, URL auto-copied to clipboard. Orange banner indicates preview mode
  • Revision Diff — Click any revision → modal with word-level diff (jsdiff via CDN). Green additions / red strike-through deletions. "Restore this revision" with automatic snapshot
  • Word Count Distribution — Dashboard shows stacked bar of post word counts (0-500, 500-1K, 1K-1.5K, 1.5K+) with hover tooltip
  • Date Range Filter — Post listing has native date pickers for date_from/date_to
  • Media Grid/List Toggle — Library view switches between grid and vertical list, preference saved to localStorage
  • Slug Rebuild Tool — admin/tools/rebuild-slugs.php — dry-run preview + conflict handling + CLI mode for batch operations
  • Critical: Turkish Slug Bug — mb_strtolower() was converting İ (U+0130) into composite sequences, breaking the transliteration map and leaving orphan bytes as hyphens. New slugify() runs strtr BEFORE lowercasing with comprehensive map (Turkish + Latin extended). Fixed 866 bad slugs across all sites
  • Sidebar Border Bug — .sidebar-brand was 56px but --header-height: 60px, creating a 4px misalignment visible as a horizontal line. Now uses var(--header-height)
  • profile.php 90s Button — .avatar-actions .btn-sm had border-radius: 50% rendering buttons as blobs. Plus "Active" was hardcoded English in Turkish admin. Both fixed
  • Settings Thumbnail Inputs — Pixel inputs had no styling (native browser default — 90s). Now proper padding, focus ring, contained background
  • Logo Regression — logo-yatay.svg was an obsolete test logo. Replaced with logo-dikey.svg + inline SVG in sidebar (matches admin login)
  • License Page Branding — Fake blue [J] SVG monogram replaced with real logo-dikey.svg. Hardcoded #28a745 colors migrated to CSS variables
  • Updates Page UX — License inactive / update failed / up-to-date states use unified pill-badge format. Raw English errors removed from Turkish UI
Changed files (32)
includes/helpers.php slugify() — bulletproof Turkish + Latin extended
api/v1/index.php generateSlug() wrapper → slugify()
config/functions.php Session-based admin_lang_override
admin/ajax/autosave.php Existing — no change (frontend added)
admin/ajax/preview-token.php NEW — generates 48-hex preview tokens
admin/ajax/revision-get.php NEW — fetches revision JSON for diff
admin/ajax/revision-restore.php NEW — restores post from revision
admin/tools/rebuild-slugs.php NEW — slug rebuild UI
admin/tools/rebuild-slugs-cli.php NEW — CLI version
admin/post-edit.php Autosave JS, preview link, revision diff modal
admin/posts.php Date range filter
admin/media.php Grid/list toggle
admin/profile.php 90s button fix + TR translate
admin/settings.php Thumbnail input styling
admin/fix-images.php Pill-badge + icon buttons
admin/content-fixer.php Unified badge system
admin/license.php logo-dikey.svg + CSS vars
admin/updates.php Pill-badge state blocks
admin/login.php Tagline added
admin/assets/css/admin.css Pill-badge, qa-btn, stat-card-v2, lang-toggle
admin/includes/sidebar.php Border fix + slug tool link + inline SVG logo
admin/includes/header.php Language toggle button
admin/includes/init.php set_admin_lang handler
preview.php NEW — anonymous token-based draft viewer
config/constants.php CMS_VERSION = 2.0.1
version.json v2.0.1, db_version 6
marketing-includes/header.php Hero title → "Smart Next-Gen CMS" / "Akıllı Yeni Nesil CMS"
marketing-includes/footer.php logo-dikey.svg + site_tagline
marketing-assets/css/main.css .ss-frame (screenshot component) + .footer-tagline
marketing-includes/ss-helper.php NEW — ss_frame() / ss_step() helpers
tools/sync-from-celil.sh NEW — deployment script (21 verbatim files)
tools/patch-from-celil.php NEW — surgical patch script (6 targeted edits)
v1.5.3

Auto-Seed Settings, Core Web Vitals, Update System & SEO Hardening

  • Settings Auto-Seed — ensure_default_settings() automatically seeds site_name and site_alternate_name into the database on first page load. Cache-file based, zero performance impact after initial run. No more manual SQL for new sites
  • Migration System — migrations/5_seo_settings_seed.php created across all sites. Update system can now distribute database changes automatically
  • LCP Eager Loading — First post card image on page 1 gets loading="eager" fetchpriority="high" across all theme architectures. Expected ~200-500ms LCP improvement
  • CLS Prevention — width and height attributes added to all post card images. Eliminates layout shift completely
  • CSS Cache Busting — ?v=THEME_VERSION parameter added to stylesheet links in starter theme headers
  • Update Server Connected — api/updates/check.php now uses real UpdateManager with database queries instead of static stub response. Graceful fallback on connection errors
  • jekcms Backlinks — All footer files across active sites, admin panels, and bundled themes now link to jekcms.com with "jekcms" anchor text and rel="noopener noreferrer"
  • Marketing SEO — Real favicon URL (SVG), application-name meta tag, theme-color, WebSite schema alternateName added. Decorative text moved to CSS to prevent Google sitelink pollution
  • Sitemap pagination URLs removed — ?page=2, ?page=3 etc. no longer appear in homepage, category, tag, and author sitemaps. These thin pages wasted crawl budget
  • Thin tag pages now noindex — Tag pages with fewer than 3 posts get noindex, follow via output_robots_meta() to prevent thin content indexing
  • Markdown # Heading now renders as <h2> instead of <h1> — prevents double H1 on post pages where title is already H1
  • SQL migration file sql/v1.5.1-seo-site-names.sql deleted — replaced by automatic ensure_default_settings() mechanism
  • Marketing site favicon was data URI — Google requires real URL for SERP favicon display. Replaced with proper /favicon.svg
  • Marketing site showed "Dashboard Posts Media Settings" as Google sitelinks — decorative text moved from HTML to CSS content: attr(data-label)
Changed files (18)
includes/helpers.php ensure_default_settings() + thin tag noindex + markdown H1→H2
includes/bootstrap.php ensure_default_settings() call added
classes/Sitemap.php Pagination URLs removed
migrations/5_seo_settings_seed.php NEW — DB seed migration
version.json v1.5.3, db_version 5
themes/*/partials/post-card.php LCP eager + CLS dimensions
themes/*/templates/index.php Featured image eager loading
themes/*/templates/archive.php Card index parameter
themes/*/templates/header.php CSS cache busting
themes/*/functions.php render_post_card index param
themes/*/templates/footer.php jekcms backlink
admin/includes/footer.php jekcms backlink noreferrer
api/updates/check.php Real UpdateManager connection
favicon.svg NEW — Root favicon for Google SERP (marketing)
index.php Mockup text → CSS data-label (marketing)
marketing-includes/header.php Favicon + application-name + schema (marketing)
marketing-assets/css/main.css Mockup nav CSS content rule (marketing)
changelog.php v1.5.3 release entry (marketing)
v1.5.2

Deep SEO Audit — Schema, OG Image, Core Web Vitals & Accessibility

  • BlogPosting author schema missing url property — Google requires author URL since 2023. Added author.url pointing to /author/{slug} across all sites
  • BreadcrumbList last item missing item (URL) property — Google Rich Results test was reporting errors. Fixed both category and non-category code paths across all sites
  • og:image:width and og:image:height meta tags missing in bundled theme functions.php files — Facebook/LinkedIn image previews could render incorrectly. Added 1200×630 dimensions
  • Featured/hero image missing fetchpriority="high" in active theme single.php files — LCP (Largest Contentful Paint) performance impact. Also added width/height where missing
  • Author avatar <img> tags had empty alt="" in active theme files — accessibility and image SEO issue. Replaced with author name
  • Hardcoded <html lang="tr"> in affected themes — replaced with dynamic get_setting() for correct language declaration
Changed files (4)
includes/helpers.php Author URL + BreadcrumbList item fix
themes/*/functions.php og:image:width/height added
themes/*/templates/single.php fetchpriority + avatar alt text
themes/*/templates/header.php Dynamic html lang attribute
v1.5.1

SEO Audit — Pagination, Sitemap Language, Tag Cleanup & OG Locale

  • Pagination URL double query string bug — ?page=3?page=4 caused by get_canonical_url() returning ?page=N. Now strips page param from baseUrl before rebuilding
  • Schema $currentUrl missing ?page=N on paginated pages — canonical and schema URLs now consistent
  • ?page=1 duplicate content — 301 redirect to clean URL added in all site .htaccess files
  • News sitemap hardcoded <news:language>en</news:language> — now uses get_setting('general', 'site_language') dynamically across all sites
  • Tag URLs returning 301 to homepage — changed to proper 410 Gone response with minimal HTML page across all sites
  • BlogPosting schema missing inLanguage property — added dynamic language detection across all sites
  • og:locale hardcoded to en_US on Turkish sites — now dynamically set to tr_TR or en_US based on site language setting
  • AVIF → WebP schema image fallback missing file_exists() check — WebP URL was emitted even when file didn't exist
Changed files (6)
includes/helpers.php Pagination fix, schema URL, inLanguage, AVIF fallback
.htaccess ?page=1 redirect rule
classes/Sitemap.php News language dynamic detection
config/routes.php Tag 410 Gone response
themes/*/header.php og:locale dynamic setting
themes/*/functions.php og:locale dynamic setting
v1.5.0

Duplicate Prevention, Smart Thumbnails & Admin Tools

  • Post::checkDuplicate() method — detects duplicate posts by title or slug before creation
  • Duplicate check integrated into all API webhooks: webhookPublish, webhookSchedule, webhookDraft, webhookBulkPublish, webhookContentGenerate
  • HTTP 409 response with full existing post details (id, title, slug, status, url) when duplicate detected
  • force_duplicate: true request parameter to bypass duplicate check when intentional duplicates are needed
  • Bulk publish silently skips duplicates with skipped counter instead of blocking
  • Admin "Duplicates" button on Posts page — opens modal with full duplicate analysis
  • Slug pattern detection engine: finds posts ending with -N (N=1-10) where the base slug also exists as another post
  • Single-click and bulk "Trash All Duplicates" actions with real-time UI updates
  • Image proxy fallback in get_featured_image() — when pre-generated thumbnail files are missing, dynamically resizes via image-proxy.php
  • Size dimension map: thumbnail (400×400), card (480×300), medium (800×500), large (1600×1000)
  • AVIF → WebP → original format cascade when looking up sized variants
  • Content Queue sidebar badge now counts queued status alongside draft and ready
Changed files (6)
classes/Post.php checkDuplicate() method added
api/v1/index.php checkDuplicatePost() + webhook integrations
admin/posts.php Duplicates button, modal, JavaScript
admin/ajax/find-duplicates.php NEW — AJAX duplicate finder endpoint
includes/helpers.php get_featured_image() image-proxy fallback
admin/includes/init.php Content Queue badge query updated
v1.4.5

Production Hardening — SEO Fixes, License Enforcement & Session Security

  • output_robots_meta() function — per-page robot directives (noindex for 404, search pages; post-level override)
  • License enforcement in init.php and login.php — redirects to license.php when no active license key is configured
  • Cross-site session hijacking prevention: cookie path scoped to site-specific URL path via parse_url(SITE_URL, PHP_URL_PATH)
  • Session _site_hash verification in Auth::loadUser() — prevents authenticated sessions from bleeding across co-hosted sites
  • Site-specific remember_token cookie path — remember-me tokens no longer shared between sites on same domain
  • Footer branding standardized across all installations
  • API upload path double uploads/uploads/ prefix — uploadFromUrl() and uploadFromBase64() now strip redundant prefix before saving to database
  • Duplicate <link rel="canonical"> tags removed from affected site headers where both inline and output_seo_head() emitted canonicals
  • FAQ schema output: enforced minimum 3 items with 50+ character answers, maximum 10 items, deduplicated across helpers
  • Sidebar category post counts removed per design rules — "(5)" count display no longer appears in category listings
  • Author name links converted from non-clickable <span> to proper <a href> anchor tags in single.php files
  • SITE_NAME config spacing corrected — compound names like "FinanceSubject" updated to properly spaced "Finance Subject"
  • Schema.org URLs stripped of tracking parameters (utm_source, fbclid, etc.) via parse_url()
  • Post card images missing width/height attributes — CLS prevention applied across affected sites
Changed files (7)
api/v1/index.php Upload path fix
includes/helpers.php robots_meta, FAQ schema, schema URL cleanup
classes/Auth.php _site_hash verification, cookie path
classes/Session.php Site-specific cookie path
admin/includes/init.php License enforcement redirect
admin/login.php License check before auth
sql/v1.4.5-migration.sql Fix corrupt featured_image paths
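
The session-isolation entries in v1.4.5 above (cookie path from parse_url(SITE_URL, PHP_URL_PATH), the _site_hash check, the site-specific remember_token path) can be sketched as follows. This is an added example, not jekcms code: the HMAC recipe, the secret, the 30-day cookie lifetime and every function name are assumptions, and the session is passed as an array so the check can be run from the CLI.

```php
<?php
declare(strict_types=1);
// Added example, not jekcms code. SITE_URL, _site_hash and the parse_url() call come
// from the changelog; the HMAC recipe, $secret and all function names are assumptions.

/** Cookie options scoped to this install's URL path instead of '/'. */
function site_cookie_options(string $siteUrl): array
{
    $path = rtrim((string) parse_url($siteUrl, PHP_URL_PATH), '/');
    return [
        'path'     => $path === '' ? '/' : $path,
        'secure'   => parse_url($siteUrl, PHP_URL_SCHEME) === 'https',
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

/** Per-install fingerprint stored in the session at login. */
function site_hash(string $siteUrl, string $secret): string
{
    return hash_hmac('sha256', $siteUrl, $secret);
}

/** Call at login, after session_regenerate_id(true). */
function bind_session(array &$session, int $userId, string $siteUrl, string $secret): void
{
    $session['user_id']    = $userId;
    $session['_site_hash'] = site_hash($siteUrl, $secret);
}

/** Returns the user id only if this install minted the session. */
function load_user_id(array &$session, string $siteUrl, string $secret): ?int
{
    $stored = $session['_site_hash'] ?? '';
    if (!is_string($stored) || !hash_equals(site_hash($siteUrl, $secret), $stored)) {
        $session = []; // minted by another install (shared save_path): log out
        return null;
    }
    return isset($session['user_id']) ? (int) $session['user_id'] : null;
}

/** Web wiring: the session cookie and the remember-me cookie share one scope. */
function start_site_session(string $siteUrl): void
{
    session_set_cookie_params(site_cookie_options($siteUrl));
    session_start();
}

function set_remember_cookie(string $token, string $siteUrl): bool
{
    return setcookie('remember_token', $token,
        ['expires' => time() + 30 * 86400] + site_cookie_options($siteUrl));
}

// Constructed demo: two installs on one domain sharing session storage.
$secret = 'constructed-demo-secret';
$siteA  = 'https://example.test/sites/blog-a';
$siteB  = 'https://example.test/sites/blog-b';
$session = [];
bind_session($session, 42, $siteA, $secret);
$replayed = $session; // the same session data presented to the other install
var_dump(site_cookie_options($siteA)['path']);
var_dump(load_user_id($session, $siteA, $secret));
var_dump(load_user_id($replayed, $siteB, $secret));
```

The path scope only controls which requests the browser attaches the cookie to; the hash check is what rejects a session ID that reaches a sibling install anyway.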
v1.4.0

SEO Overhaul, Content Optimizer, Breadcrumbs & Table of Contents

  • Complete SEO overhaul across all active sites — meta tags, Open Graph, Twitter Cards, Schema.org structured data reviewed and standardized
  • Breadcrumb navigation with Schema.org BreadcrumbList markup added to every site
  • Table of Contents (TOC) — automatically generated from <h2>/<h3> headings, renders as sidebar widget or inline block depending on theme
  • Content Optimizer with dictionary-based synonym refresh — replaces removed AI API (Gemini/Groq) approach that broke Turkish morphology
  • Turkish synonym dictionary (~200 modern word pairs) and English synonym dictionary (~180 pairs) with archaic terms removed
  • Auto language detection via get_setting('general', 'ai_content_language') for optimizer dictionary selection
  • Google SERP site name fix: ?? operator replaced with ?: to catch empty strings in og:site_name and WebSite schema
  • <meta name="application-name"> tag added to all theme headers for Google site name signal
  • Pinterest Compose API endpoint for Livecub — Gemini generates photo, PHP GD adds text overlay, 5 layout templates, 1000×1500 output
  • SosyalMedya cover image engine replaced: PHP GD gradients → Gemini Image API professional photographs (1080×1920, AVIF, 5 styles)
  • Turkish slug generation fix: generateSlug() now properly transliterates ç, ğ, ı, ö, ş, ü across all sites
  • fix-slugs.php utility script for repairing existing corrupted Turkish slugs in production databases
  • robots.txt files had unresolved {{SITE_DOMAIN}} placeholders in affected sites
  • hobirehber schema function was named output_hobbyrig_schema() instead of output_hobirehber_schema()
  • CSP header in production was blocking Google Analytics, AdSense, and Facebook Pixel domains
  • MinimalistRig posts had full URLs in featured_image column instead of relative paths
  • Livecub favicon was showing jekcms [J] icon instead of Livecub L+Heart brand icon
Changed files (7)
includes/helpers.php SEO functions, breadcrumbs, TOC, schema fixes
includes/ContentOptimizer.php Dictionary-based synonym refresh engine
admin/content-optimizer.php Optimizer admin interface
themes/*/header.php Breadcrumbs, meta tags, application-name
themes/*/single.php TOC integration
themes/*/style.css Breadcrumb and TOC styling
api/v1/pinterest-compose.php NEW — Pinterest image composer (Livecub)
v1.3.1

Critical SEO Fix, Multi-Site Template & Documentation

  • _template/ directory established as the canonical base for creating new jekcms sites — includes all required files, folder structure, and placeholder variables
  • Dual-environment configuration: .env (local development) and .env-production (live server) with automatic detection based on hostname
  • Placeholder system for rapid site cloning: {{SITE_NAME}}, {{SITE_SLUG}}, {{SITE_DOMAIN}}
  • Standard error pages: 400, 401, 403, 404, 500, 502, 503 with consistent branding
  • Maintenance mode page (maintenance.php) with countdown timer
  • Standardized .htaccess with GZIP compression, browser caching (1 year for static assets), security headers, and URL rewriting
  • Complete deployment documentation: architecture guide, SEO checklist, responsive images reference, upgrade instructions
  • Critical: Removed X-Robots-Tag: noindex HTTP header that was accidentally blocking all Google indexing across production sites
  • Admin content queue retry: attempts counter now resets to 0 when a failed task is re-queued
  • Removed obsolete Pinterest sharing code from post editor panel
  • Removed e-commerce menus (Sales, Customers) from blog-only site admin panels — these belong to the main marketing site only
  • Synchronized missing AJAX endpoints (comment, newsletter, comment-like) across all sites
  • Added missing SpamFilter.php class to kriptogetiri
Changed files (6)
sites/_template/ NEW — Complete site template directory
.env.example Environment configuration template
maintenance.php NEW — Maintenance mode page
error.php NEW — Unified error handler (400-503)
.htaccess Standardized security + performance rules
skills/*.md Architecture, deployment, SEO, image documentation
v1.3.0

E-Commerce, Customer Portal, License System & Multi-Language Engine

  • Complete e-commerce system with iyzico payment gateway integration — credit card processing, 3D Secure, installment support
  • Order management lifecycle: create → payment → confirmation → processing → completed, with cancellation and refund flows
  • PDF invoice generation with automatic numbering, tax calculation, and downloadable customer receipts
  • Customer portal at /customer/ — dashboard with order history, active licenses, downloadable invoices, and profile management
  • Support ticket system with threaded messages, priority levels, and admin response tracking
  • Multi-language engine with database-driven translations — Turkish and English supported out of the box, extensible to any language
  • Translator class with lazy-loading approach: strings parsed on demand, not upfront — significant memory reduction on multi-locale installations
  • jekcms license system with 6 tiers: DEV (free), PER (personal), STD (standard), PRO (professional), AGC (agency), ENT (enterprise)
  • License activation, validation, and deactivation API at /api/license/
  • Update server with check, download, and report endpoints at /api/updates/
  • Image proxy with SSRF protection — blocks private IP ranges (10.x, 172.16-31.x, 192.168.x, 127.x) and automatic garbage collection (7-day TTL)
  • Cache management system: page cache, query cache, object cache, sitemap cache, feed cache, image cache with admin AJAX clear controls
  • Rate limiting with IP-based tracking and configurable thresholds
  • IP blocking list for persistent abusers
  • SEO pagination: rel="next"/rel="prev" tags, canonical URL query string exclusion, robots.txt Allow: /*?page=
  • Responsive image srcset generation with automatic width/height attributes for CLS prevention
  • Gravatar 2x rendering for HiDPI/Retina displays
  • Sites relocated to sites/ directory structure — existing installations require path migration
Changed files (14)
classes/Order.php Order management
classes/Customer.php Customer accounts
classes/Invoice.php PDF invoice generation
classes/SupportTicket.php Support ticket system
classes/Translator.php Multi-language engine
classes/Payment/IyzicoGateway.php iyzico payment integration
classes/Security.php Rate limiting, CSRF, XSS protection
classes/License.php License client
classes/Updater.php Update client
includes/image-proxy.php SSRF-protected image proxy with GC
includes/cache-cleanup.php Cache garbage collection
customer/ NEW — Customer portal directory
api/license/ NEW — License API endpoints
api/updates/ NEW — Update server API endpoints
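
The private-range blocking named in the v1.3.0 image proxy entry above, as an added example that is not jekcms code (function names are hypothetical, PHP 8 assumed). It goes beyond the four listed ranges by using PHP's built-in filter flags, checking every resolved address, and pinning the vetted IP for the actual fetch.

```php
<?php
declare(strict_types=1);
// Added example, not jekcms code. Function names are hypothetical. Requires PHP 8.

/** True only for a literal IP address outside private and reserved ranges. */
function is_public_ip(string $ip): bool
{
    // NO_PRIV_RANGE: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, IPv6 fc00::/7.
    // NO_RES_RANGE: 0.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 240.0.0.0/4, ::1, fe80::/10.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Returns ['host' => ..., 'ip' => ...] for a URL that is safe to fetch, or null.
// $resolver is injectable so the check can be exercised without DNS.
function ssrf_safe_target(string $url, ?callable $resolver = null): ?array
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // only web schemes reach the fetcher
    }
    $host = trim($parts['host'], '[]'); // parse_url keeps brackets on IPv6 literals
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];
    } else {
        // gethostbynamel() returns IPv4 records only; AAAA-only hosts are refused.
        $resolver ??= static fn(string $h): array => gethostbynamel($h) ?: [];
        $ips = $resolver($host);
    }
    if ($ips === []) {
        return null;
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return null; // one internal record is enough to refuse the host
        }
    }
    return ['host' => $host, 'ip' => $ips[0]];
}

/** Fetch with the vetted IP pinned, so a second DNS answer cannot differ. */
function fetch_pinned(string $url, array $target): string|false
{
    $https = strtolower((string) parse_url($url, PHP_URL_SCHEME)) === 'https';
    $port  = parse_url($url, PHP_URL_PORT) ?? ($https ? 443 : 80);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => ["{$target['host']}:{$port}:{$target['ip']}"],
        CURLOPT_FOLLOWLOCATION => false, // a redirect target would skip the check
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    return curl_exec($ch);
}

// Constructed demo: a fake resolver stands in for DNS so this runs offline.
$fakeDns = static fn(string $h): array => [
    'cdn.example.test'   => ['93.184.216.34'],
    'intra.example.test' => ['93.184.216.34', '10.0.0.5'],
][$h] ?? [];
foreach (['https://cdn.example.test/a.jpg', 'http://intra.example.test/a.jpg',
          'http://172.20.1.1/a.jpg', 'http://[::1]/a.jpg', 'ftp://cdn.example.test/a.jpg'] as $u) {
    printf("%-34s %s\n", $u, ssrf_safe_target($u, $fakeDns) ? 'allow' : 'refuse');
}
```

Only the first URL is allowed; the second is refused because one of its two records is internal, which is the case a check on the first record alone would miss.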
v1.2.1

Admin Panel English Translation & UI Polish

  • Complete English translation of all admin panel interface elements — menus, labels, buttons, tooltips, error messages, and success notifications
  • Unified terminology across admin: consistent use of "Posts", "Pages", "Media", "Settings" throughout all modules
  • Post voting system activated — thumbs up/down with per-IP deduplication
  • Post view counter with bot-filtered tracking
  • Newsletter module wired into admin sidebar under PLUGINS section
  • AI content queue foundation — infrastructure for automated content generation pipeline
  • Admin sidebar spacing reduced for cleaner navigation appearance
  • CSS improvements across admin panel — consistent padding, border alignment, and responsive behavior on smaller screens
v1.2.0

Plugin Architecture, Newsletter System & Advertising Module

  • Plugin enable/disable system with database-driven management — plugins can be activated, deactivated, and configured without code changes
  • Newsletter module with subscriber management, campaign creation, and delivery tracking — moved from core to PLUGINS menu for optional activation
  • Advertising system for banner and inline ad placements with impression and click tracking
  • Contact form with spam protection, email notifications, and admin message management
  • Email delivery logging with status tracking (sent, failed, bounced)
  • Spam protection logging for audit and pattern analysis
  • Admin sidebar reorganized: PLUGINS section separated from core navigation
  • API endpoint enhancements for external integrations
Changed files (6)
classes/Plugin.php Plugin management engine
classes/Newsletter.php Newsletter subscriber + campaign system
classes/Advertising.php Ad placement and tracking
classes/SpamFilter.php Spam detection and logging
admin/plugins.php NEW — Plugin management interface
admin/newsletter.php NEW — Newsletter administration
v1.1.0

Environment System, SEO Tools & Performance Foundation

  • Environment configuration system — automatic local/production detection based on hostname with separate database credentials and URL settings
  • SEO Optimizer admin tool with on-page analysis, keyword density checker, and readability scoring
  • Extended sitemap system: sitemap.xml index with separate sitemap-posts.xml, sitemap-pages.xml, and sitemap-categories.xml
  • Schema.org auto-detection: Article, BlogPosting, WebPage, and WebSite structured data injected per page type
  • Post view tracking with post_views table — bot-filtered, deduplicated by IP, used for "Popular Posts" widgets
  • Post voting system infrastructure with post_votes table — per-IP rate limiting, thumbs up/down
  • Performance baseline: output buffering, query logging in development mode, execution time tracking
  • Advanced robots meta controls: per-page noindex/nofollow settings in post editor
Changed files (4)
config/environment.php NEW — Environment auto-detection
admin/seo-optimizer.php NEW — SEO analysis tool
includes/sitemap.php Extended sitemap generation
includes/schema.php Schema.org structured data
v1.0.0

Initial Release — Blog CMS Foundation

  • Core blog CMS with post and page management — WYSIWYG editor, draft/published/scheduled status workflow, revision history
  • User authentication with role-based access control: admin, editor, author, subscriber — each role has granular permission boundaries
  • Hierarchical category system with unlimited nesting depth and SEO-friendly URL slugs
  • Tag management with auto-suggest, bulk operations, and tag cloud generation
  • Media library with drag-and-drop upload, AVIF/WebP automatic conversion, and gallery management
  • Theme system supporting 14+ premium themes — each theme is a self-contained directory with templates, partials, assets, and configuration
  • Responsive design with mobile-first approach — all themes pass Google Mobile-Friendly test out of the box
  • Comment system with nested replies, Gravatar integration, and admin moderation queue
  • Basic SEO: <title> tags, <meta description>, canonical URLs, and XML sitemap generation
  • RSS feed at /feed.xml with full-content and excerpt modes
  • Search functionality with relevance scoring across titles, content, and excerpts
  • Admin dashboard with post statistics, recent activity feed, and quick-action buttons
  • API token system for external integrations — key generation, revocation, and usage logging
  • Clean URL routing via .htaccess rewrite rules — /post-slug, /category/name, /tag/name, /author/name
Changed files (10)
classes/Post.php Post/page CRUD + revision system
classes/User.php Authentication + role management
classes/Category.php Hierarchical categories
classes/Tag.php Tag management
classes/Media.php Media library + AVIF/WebP conversion
classes/Comment.php Threaded comments
classes/Database.php PDO wrapper with prepared statements
admin/ Complete admin panel (dashboard, posts, pages, media, settings)
themes/ 14+ responsive themes
api/v1/index.php RESTful API with token authentication
