One-V LLM Serve

FAQ

Does activating the plugin change my existing pages?

No. The plugin only responds to .md URLs, /llms.txt, and the ?format=markdown query parameter. All existing HTML URLs are unaffected.

Will the `.md` URLs hurt my SEO?

No. .md responses are served with X-Robots-Tag: noindex, follow, so search engines do not index the Markdown variants and the canonical HTML page remains the sole entry in Google/Bing/etc. The Link: rel="alternate"; type="text/markdown" header on each HTML page advertises the Markdown alternate to AI consumers without exposing it to SERPs.

Does it work with password-protected posts?

No. Password-protected and private posts return 404 on the .md URL. Only published posts are served.

What Markdown flavour is used?

CommonMark-compatible Markdown via league/html-to-markdown. ATX-style headings (#), inline links ([text](url)), and fenced code blocks.

Where is the Markdown cached?

In WordPress transients (database by default, or your object cache). Entries are invalidated when the post is saved, when ACF fields or settings change, or when you click Clear cache — a long safety-net expiry also lets any orphaned entry clear itself on object-cache setups.

The `.md` URL returns 404 after activation.

Go to Settings → Permalinks and click Save Changes to flush rewrite rules.

Can I disable Markdown for specific posts?

Yes. Two ways:

1. Check Exclude from Markdown in the One-V LLM Serve metabox on the post editor.
2. Return '' from an ovls_markdown filter callback.

Does it work with page builders like Elementor or Divi?

Yes. Any builder that hooks into the_content is supported (Elementor, Divi, WPBakery, Beaver Builder). For builders that bypass the_content, the plugin falls back to fetching the rendered frontend HTML and extracting the main content area.

Is it compatible with caching plugins?

Yes. Markdown is stored in WordPress transients. Object caches (Redis, Memcached) work transparently — and Clear cache correctly invalidates them, not just the database. Full-page caching layers (WP Rocket, W3 Total Cache, LiteSpeed Cache) serve fresh Markdown on the next request after a save.

/llms.txt returns 404 on WPEngine / Kinsta / managed nginx hosts

Some managed WordPress hosts configure their nginx to serve static file extensions (.txt, .xml, …) directly from disk without passing the request to WordPress. When the file is generated dynamically by a plugin, that produces a 404 because nothing exists on disk.

Fix: enable Settings → One-V LLM Serve → Write llms.txt to disk. The plugin then maintains a real /llms.txt file at the site root, regenerating it on every post save, ACF change, or settings update. The file carries a marker comment on the first line; the plugin refuses to overwrite a /llms.txt it did not create. On plugin deletion the managed file is removed via uninstall.php.

Does disk-mode work on WordPress installed in a subdirectory or on multisite?

Not currently. The disk-mode writer assumes WordPress is installed at the site root (ABSPATH is the public root). Subdirectory installs (/wp/) and multisite are not supported by disk-mode yet — for those, the dynamic rewrite-rule path is still available on hosts where nginx forwards .txt requests to PHP (most hosts other than WPEngine/Kinsta).

My .md endpoint returns the same X-Robots-Tag to every bot. Why?

The plugin sends a User-Agent-conditional X-Robots-Tag: AI crawlers (GPTBot, ClaudeBot, PerplexityBot, …) get index, follow so they will use the Markdown variant, while traditional search engines (Bingbot, Googlebot, …) get noindex, follow so the canonical HTML page remains the sole entry in SERPs. To keep shared caches from collapsing the two variants into one, the response carries Vary: User-Agent and Cache-Control: private, max-age=0, must-revalidate.

These signals work on standard WordPress hosting. They can be overridden by edge layers in specific hosting / CDN configurations:

• Some managed WordPress hosts (Kinsta, WPEngine, Pressable, SiteGround, and others) ship default edge caching that treats static-looking file extensions like .md as long-lived static assets and rewrites the plugin’s Cache-Control header to a public, long-max-age value.
• Some CDNs (most notably Cloudflare on its default cache key) ignore Vary: User-Agent entirely — they cache one variant per URL and serve it to every visitor regardless of UA.

When one of these is in front of your site, the first .md request to reach the edge caches the response for everyone afterwards. The plugin is still doing the right thing at origin, but visitors only ever see the cached copy.

Diagnosing it. Open a terminal and run:

curl -skI -A "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" https://example.com/your-page.md

Headers to look for:

• cf-cache-status: HIT (Cloudflare), x-kinsta-cache: HIT, x-cache: HIT (generic) — the response is coming from the edge cache.
• age: <large number> — the response has been sitting in cache for that many seconds.
• cache-control: public, max-age=<large> instead of the plugin’s private, max-age=0 — your host or CDN has rewritten it.

Then add a cache-busting query string and try again:

curl -skI -A "Mozilla/5.0 (compatible; bingbot/2.0; …)" "https://example.com/your-page.md?cb=12345"

If the headers are now correct (x-robots-tag: noindex, follow for Bingbot, index, follow for an AI UA), the plugin is fine — the edge is the source of the problem.

Fixing it. The fix has to be applied at the layer that is caching, not in WordPress. Common remedies:

• On the CDN, exclude *.md URLs from any “Cache Everything” rule, or add a Bypass Cache rule for them.
• On managed hosts, contact support and ask them to exempt *.md from the host’s edge cache (so the plugin’s Cache-Control: private is honoured).
• If neither is available, enable Allow search engines to index .md (advanced) at One-V LLM Serve → Settings — the plugin then sends index, follow to every UA. The behavior is consistent at the cost of allowing search engines to index the Markdown variants alongside the HTML pages.

What does the AI bot analytics feature collect?

For each .md request the plugin stores: the timestamp, the User-Agent string (deduplicated via a small dictionary table — one row per unique UA), the referrer hostname only (path and query string are stripped), the requested post or term and its post type / taxonomy, the post language, and the HTTP response code (200 / 304 / 404).

Never stored: IP addresses, cookies, session identifiers, geolocation, full referrer URLs with query strings, or any user-account data. Counts visits exclusively to .md URLs — the regular HTML pages are not tracked.

Detailed per-hit events are kept for the number of days you choose in Settings (default: 365). Older events can optionally be rolled up into a daily aggregate table for long-term trend charts — the aggregate retains only the bucket / language / referrer-bucket / response-code dimensions, no per-UA or per-post detail. Daily WP-cron ovls_events_cleanup enforces the retention.

Analytics is enabled by default and can be turned off at One-V LLM Serve → Settings. All stored data can be wiped at One-V LLM Serve → Analytics → Reset analytics. Uninstalling the plugin drops the three analytics tables (ovls_events, ovls_ua_dict, ovls_events_archive) completely.

Why doesn’t my analytics show every AI bot that visits?

The plugin classifies crawlers by their User-Agent header. Almost all major AI companies (OpenAI, Anthropic, Perplexity, Google, Apple, Amazon, Meta, ByteDance, Cohere, Mistral, Common Crawl, …) honestly self-identify because they have publicly committed to respecting robots.txt. Those are detected accurately.

However, some traffic is invisible to User-Agent-based detection:

• Stealth crawlers that spoof a regular browser User-Agent (some training-data brokers, certain less-ethical scrapers).
• Agentic browsers like OpenAI Operator or Claude/Claude-Browse running an actual headless Chrome — technically indistinguishable from a human visit at the header level.
• AI assistants that ingest a page through an integrated third-party fetcher (e.g. a python-requests script) — these show up under “Other bot” rather than the underlying model.

For these the plugin records what it can — they will appear in the “Other bot” bucket or the “Browser” bucket with a sub-classification that flags the request as a Playwright-class headed agent, a script agent, or a UA-shape spoofer rather than a real user. The plugin’s bot signature list is updated each release as new identifiers are publicly documented.

How do you tell a real human from a scraper that imitates a browser User-Agent?

By looking at request headers that real browsers emit automatically and bare HTTP clients usually don’t. Specifically:

• Sec-Fetch-User: ?1 — present only when the navigation was triggered by user activation (link click, address-bar Enter, tap-out from an AI app to the system browser). Programmatic navigation in Playwright/Puppeteer doesn’t set it.
• Sec-CH-UA brand list — a real downstream browser (Chrome, Edge, Brave, Opera, Vivaldi, Yandex, Samsung Internet, Arc, DuckDuckGo) announces its brand here. The open-source Chromium build that Playwright runs by default does not — it identifies as bare "Chromium". Detectable difference.
• Sec-Fetch-Site — sent by every modern browser since Safari 16.4 (March 2023). Absence indicates the request didn’t come from a browser engine at all.
• User-Agent shape — Chrome ≥ 110 must report Chrome/X.0.0.0 (User-Agent Reduction); a UA claiming Chrome/133.0.6943.141 with non-zero minor digits is impossible for a real browser and flags the request as a copy-pasted scraper UA.

Combined, these four signals split the “Browser” bucket into verified user, headed agent (real Chromium under automation), script agent (curl/httpx/requests imitating a UA), and spoofer (impossible UA shape). None of this requires JavaScript or cookies — it’s all server-side inspection of the HTTP request the client already sent.

A motivated scraper can manually set these headers to bypass detection. The classifier doesn’t claim to catch every bot ever — it catches default-configuration tools, which is the vast majority.

Is the analytics feature GDPR-compliant?

The events store no personal data — no IP addresses, no user identifiers, no cookies, no full referrer URLs (the path and query string are stripped before storage, so utm parameters or any PII that might be encoded in a URL never reach the database). User-Agent strings, Fetch Metadata Request Headers (Sec-Fetch-Site, Sec-Fetch-User), and User-Agent Client Hints (Sec-CH-UA) are technical request-level metadata used to classify automated crawlers and tell browser-class clients apart from script-class clients — they carry strictly less information than the User-Agent and don’t, on their own or in combination, identify a person. The plugin relies on legitimate-interest (Art. 6(1)(f)) as the lawful basis — server-side bot analytics is widely accepted as a legitimate interest, and the suggested privacy text at Tools → Privacy discloses precisely what is collected so it can be copied into your site policy.

If your jurisdiction requires explicit user disclosure for any server-side analytics, you can turn the feature off at One-V LLM Serve → Settings.