Title: Proofing Pins
Author: Lovedeep
Published: <strong>May 27, 2026</strong>
Last modified: May 27, 2026

---

Search plugins

![](https://ps.w.org/proofing-pins/assets/banner-772x250.png?rev=3551226)

![](https://s.w.org/plugins/geopattern-icon/proofing-pins_192f5c.svg)

# Proofing Pins

 By [Lovedeep](https://profiles.wordpress.org/punjabideveloper/)

[Download](https://downloads.wordpress.org/plugin/proofing-pins.0.1.1.zip)

 * [Details](https://li.wordpress.org/plugins/proofing-pins/#description)
 * [Reviews](https://li.wordpress.org/plugins/proofing-pins/#reviews)
 *  [Installation](https://li.wordpress.org/plugins/proofing-pins/#installation)
 * [Development](https://li.wordpress.org/plugins/proofing-pins/#developers)

 [Support](https://wordpress.org/support/plugin/proofing-pins/)

## Description

Proofing Pins lets clients and reviewers click anywhere on your site’s frontend 
to drop a comment pinned to that exact spot. Each pin is captured with a viewport
screenshot so developers see what the reviewer saw. All comments live in a focused
Proofing dashboard in wp-admin — no more “the button under the banner thing” emails.

**Core features**

 * **Pin-point comments:** reviewers click, type, submit — pin is saved with a screenshot
   that has the pin baked into the image at the click location.
 * **Modern capture:** uses the html-to-image library (SVG foreignObject renderer)
   for reliable screenshots even on Elementor or block-theme pages.
 * **Responsive anchoring:** pins are stored against the clicked element (selector
   + percentage-within-element), so they follow the element across viewport sizes.
 * **Threaded replies:** native WordPress comments attached to each pin for discussion
   between reviewers and developers.
 * **Admin dashboard:** list + grid views, status workflow (Open / In Progress /
   Resolved / Archived), bulk actions.
 * **Guest comments:** optional — let logged-out visitors leave pins with a one-
   time name/email prompt (cookie-remembered for 30 days), with honeypot + per-IP
   rate limiting.
 * **AI suggestions (optional, BYO key):** bring your own OpenAI, Anthropic, Google
   Gemini, or OpenRouter API key. Each pin gets a one-paragraph suggestion on what
   to change.
 * **Elementor-aware Apply button:** when the AI proposes an allowlisted change (
   heading text, button text, color), a before/after preview appears with an “Apply
   to Elementor” button. Applies the change to the live page, saves a WordPress 
   revision, one-click revert available.
 * **Microsoft Teams notifications (optional):** post pin activity directly to a
   Teams channel using a Workflow webhook. Pick which events you want — new pins,
   replies, and per-status transitions (Open / In Progress / Resolved / Archived).
   Each notification is an Adaptive Card with the comment, author, page, status,
   and (where small enough) the screenshot. Webhook URL is stored encrypted at rest;
   one-click “Send test message” verifies the wire.

**Data, privacy, and third-party services**

 * The plugin does not send any data to third parties by default.
 * The AI feature is **opt-in**. You provide your own API key; requests go directly
   from your WordPress server to the provider you configure (OpenAI, Anthropic, 
   Google, or OpenRouter). No data is sent to the plugin author. When enabled, each
   new pin’s comment text, captured element HTML, and metadata are sent to the configured
   provider so it can generate a suggestion — consult your provider’s privacy policy.
 * The Microsoft Teams integration is **opt-in**. You provide your own Teams Workflow
   webhook URL; notifications are posted directly from your WordPress server to 
   that webhook (typically a Microsoft-hosted Azure Logic Apps endpoint). No data
   is sent to the plugin author. Payloads include the pin comment, author name, 
   page URL, status, and a heavily compressed thumbnail when one fits — see “External
   Services” below for the exact contract.
 * Screenshots are stored locally in your WordPress uploads folder — never uploaded
   elsewhere.
 * Guest identities (name + email) are stored in a cookie (`proopin_guest_identity`)
   for 30 days only on the visitor’s own browser.
 * When guest commenting is enabled, the plugin stores a short hash of each guest
   submitter’s IP address (first 16 characters of the MD5 hash) for the sole purpose
   of rate-limiting abusive submissions. Raw IP addresses are never stored.

### External Services

This plugin can connect to third-party services only when their corresponding integration
is explicitly enabled. **Every integration is opt-in and disabled by default.** 
No external connections are made unless you turn on a feature and provide its credential(
API key for AI, webhook URL for Teams) in the plugin’s settings screens.

When AI is enabled and a new pin is created (or you manually trigger a suggestion),
the following data is sent from your WordPress server directly to your configured
AI provider: the pin’s comment text, the page URL, the page title, the clicked element’s
tag name and a short HTML snippet, and the element’s CSS selector. No data is sent
to the plugin author at any time.

When Microsoft Teams is enabled, the following data is sent from your WordPress 
server directly to the Workflow webhook you configured (typically a Microsoft-hosted
endpoint at logic.azure.com): the pin’s comment text, the author’s display name (
or guest name), the page URL, the pin status, the event type, and — only when it
fits inside Teams’ card-size budget — a heavily compressed JPEG thumbnail of the
pin’s screenshot. The webhook URL is supplied by you and points to whatever channel/
workflow you set up in Teams; the plugin does not contact any other Microsoft endpoint.
No data is sent to the plugin author at any time.

Only the providers you configure are contacted. Each supported service is documented
below.

#### OpenAI

Used for: generating AI pin suggestions and listing available models.
 Data sent:
pin comment, page URL, element context (tag, HTML snippet, selector). Sent when:
AI suggestions are enabled and a pin is created (if auto-suggest is on), or when
you click “Regenerate suggestion” in the pin detail view.

 * Service: https://openai.com/
 * Terms of Use: https://openai.com/policies/terms-of-use
 * Privacy Policy: https://openai.com/policies/privacy-policy

#### Anthropic

Used for: generating AI pin suggestions and listing available models.
 Data sent:
pin comment, page URL, element context (tag, HTML snippet, selector). Sent when:
AI suggestions are enabled and a pin is created (if auto-suggest is on), or when
you click “Regenerate suggestion”.

 * Service: https://www.anthropic.com/
 * Terms of Service: https://www.anthropic.com/legal/consumer-terms
 * Privacy Policy: https://www.anthropic.com/legal/privacy

#### Google Gemini (Generative Language API)

Used for: generating AI pin suggestions and listing available models via Google’s
Generative Language API (generativelanguage.googleapis.com).
 Data sent: pin comment,
page URL, element context (tag, HTML snippet, selector). Sent when: AI suggestions
are enabled and a pin is created (if auto-suggest is on), or when you click “Regenerate
suggestion”.

 * Service: https://ai.google.dev/
 * Terms of Service: https://ai.google.dev/gemini-api/terms
 * Privacy Policy: https://policies.google.com/privacy

#### OpenRouter

Used for: generating AI pin suggestions and listing available models via the OpenRouter
gateway (openrouter.ai).
 Data sent: pin comment, page URL, element context (tag,
HTML snippet, selector). Sent when: AI suggestions are enabled and a pin is created(
if auto-suggest is on), or when you click “Regenerate suggestion”.

 * Service: https://openrouter.ai/
 * Terms of Service: https://openrouter.ai/terms
 * Privacy Policy: https://openrouter.ai/privacy

#### Microsoft Teams (via user-configured Workflow webhook)

Used for: posting pin activity (new pin, new reply, status change) to a Microsoft
Teams channel as Adaptive Cards.
 Data sent: pin comment, author display name (or
guest name), page URL, pin status, event type, and — when small enough to fit Teams’
card payload budget — a heavily compressed JPEG thumbnail of the pin screenshot.
Sent when: the Teams integration is enabled, a webhook URL is configured, and the
corresponding event happens on a pin. Also sent on demand when the admin clicks “
Send test message” on the Teams settings screen.

The destination URL is provided entirely by you. The plugin only posts to whichever
Workflow webhook URL you save (typically a Microsoft-hosted endpoint at https://*.
logic.azure.com/ — created by Teams’ “Post to a channel when a webhook request is
received” workflow template). The webhook URL is stored encrypted at rest.

 * Service: https://www.microsoft.com/en-us/microsoft-teams/group-chat-software
 * Terms of Service: https://www.microsoft.com/en-us/servicesagreement/
 * Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement

### Third-Party Libraries

 * **html-to-image** (bubkoo/html-to-image, MIT License) — bundled as `assets/js/
   html-to-image.min.js`. Used for client-side viewport screenshot generation.

## Screenshots

 * [[
 * Reviewer view — floating button, click-to-pin mode, composer popover.
 * [[
 * Admin dashboard list view with status chips and page filters.
 * [[
 * Pin detail — captured screenshot with baked-in pin, threaded replies, status 
   control, AI suggestion.
 * [[
 * AI Integration settings — provider, model, API key with test-connection.
 * [[
 * Apply to Elementor — before/after preview with revert.

## Installation

 1. Upload the `proofing-pins` folder to `/wp-content/plugins/` or install through 
    the WordPress Plugins screen.
 2. Activate the plugin through the Plugins screen in WordPress.
 3. Visit **Proofing  Settings** to configure the floating-button position, brand color,
    and guest-comments toggle.
 4. (Optional) Visit **Proofing  AI Integration** to enable AI suggestions — enter 
    your provider API key and pick a model.
 5. (Optional) Visit **Proofing  Teams Integration** to enable Microsoft Teams notifications—
    paste your Workflow webhook URL and pick which events you want to be notified about.

## FAQ

### Does this work with Elementor?

Yes. The plugin detects Elementor widgets, links directly to them in the editor,
and (when AI is configured) can propose and 1-click apply text / color changes to
heading, button, and text-editor widgets.

### Does it work with block themes?

Yes. Pin capture and rendering work with Twenty Twenty-Four / Twenty Twenty-Five
and other block themes.

### Do I need an AI subscription?

No. AI suggestions are entirely optional. The pin-and-comment workflow works without
them.

### Who can leave pins?

By default, any logged-in user with the `proopin_create_pin` capability. You can
enable guest pins in Settings; guests see a one-time name/email prompt before posting.

### How are API keys stored?

Encrypted at rest with AES-256-CBC using a key derived from `AUTH_KEY`. The stored
setting row is non-autoloaded. The raw key is never returned by the REST API — only
a masked preview.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Proofing Pins” is open source software. The following people have contributed to
this plugin.

Contributors

 *   [ Lovedeep ](https://profiles.wordpress.org/punjabideveloper/)
 *   [ lovedeep5 ](https://profiles.wordpress.org/lovedeep5/)

[Translate “Proofing Pins” into your language.](https://translate.wordpress.org/projects/wp-plugins/proofing-pins)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/proofing-pins/), check
out the [SVN repository](https://plugins.svn.wordpress.org/proofing-pins/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/proofing-pins/) 
by [RSS](https://plugins.trac.wordpress.org/log/proofing-pins/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 0.1.1

 * New: Microsoft Teams integration. Post pin activity (new pin, replies, status
   changes) to a Teams channel via a Workflow webhook. Opt-in, off by default; webhook
   URL stored encrypted at rest; per-event toggles; one-click “Send test message”.
 * Security: tighten REST API permission callbacks. `GET /pins/{id}` now requires
   the caller to be a manager or the pin’s author; `GET /pins` requires non-managers
   to scope the listing to a single `page_url` and never returns archived pins to
   non-managers; `POST /pins/{id}/replies` is restricted to logged-in users with
   the create capability (guests can no longer reply).
 * Security: apply identical honeypot + per-IP rate-limit + identity sanitization
   to any guest-driven write request.
 * Security: guest rate-limit no longer trusts client-supplied `X-Forwarded-For`(
   spoofable — would let attackers bypass rate-limits and inflate `wp_options` with
   throw-away transient rows). Only `REMOTE_ADDR` is used by default; sites behind
   a trusted reverse proxy can hook the new `proofingpins_guest_ip` filter to use
   their proxy’s real-client-IP header.
 * Cleanup: deleting a pin now also clears any pending AI-suggestion cron event 
   scheduled for that pin (no more orphan cron rows).
 * Cleanup: uninstall now also clears pending AI cron events and sweeps the plugin’s
   transients (per-IP rate-limit + cached provider model lists), in addition to 
   deleting pin posts, screenshots, thumbnails, replies, settings, and capabilities.
 * Rename: all internal identifiers (option names, capabilities, post type, post
   statuses, post meta keys, transients, comment type, script handles, JS globals,
   CSS classes, cookies, query parameters) migrated from the `pp_` / `pp-` / `PP_`
   prefix to the longer `proopin_` / `proopin-` / `PROOPIN_` prefix to satisfy the
   WordPress.org 4-character-minimum prefix requirement and prevent collisions with
   other plugins.

#### 0.1.0

 * Initial release.
 * Pin capture via html-to-image with element-anchored responsive positioning.
 * Admin dashboard (list/grid), status workflow, bulk actions.
 * Guest comments with identity cookie + rate limit + honeypot.
 * AI suggestions (OpenAI / Anthropic / Gemini / OpenRouter) with dynamic model 
   discovery.
 * Elementor-aware suggestions and 1-click Apply / Revert for allowlisted widget
   settings.

## Meta

 *  Version **0.1.1**
 *  Last updated **21 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.3 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/proofing-pins/)
 * Tags
 * [client review](https://li.wordpress.org/plugins/tags/client-review/)[comments](https://li.wordpress.org/plugins/tags/comments/)
   [elementor](https://li.wordpress.org/plugins/tags/elementor/)[feedback](https://li.wordpress.org/plugins/tags/feedback/)
   [proofing](https://li.wordpress.org/plugins/tags/proofing/)
 *  [Advanced View](https://li.wordpress.org/plugins/proofing-pins/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/proofing-pins/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/proofing-pins/reviews/)

## Contributors

 *   [ Lovedeep ](https://profiles.wordpress.org/punjabideveloper/)
 *   [ lovedeep5 ](https://profiles.wordpress.org/lovedeep5/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/proofing-pins/)