Last updated: 30 June 2026
WPShake is a WordPress fleet-management service operated by RebelCode. This page covers two things: the data WPShake collects when you use the dashboard at wpshake.com, and the data the Shake Connect plugin reads from a site once you install it there.
Shake Connect exposes a bearer-token-authenticated REST API that the WPShake dashboard calls to read site state on a schedule you control. It can report:
Shake Connect does not auto-update plugins, themes, or core on its own. It does not collect visitor analytics or personal data about your site's visitors. It only talks to the WPShake dashboard configured on its settings page, and only when that dashboard calls its endpoints with a valid bearer token. The connection token is stored on your site as a SHA-256 hash, not in plain text.
To run the dashboard, show you the state of your fleet, send the alerts and reports you've configured, and improve the service. We don't sell data to third parties, and we don't use your site data to train models without your explicit opt-in.
WPShake runs on Cloudflare's infrastructure (Workers, D1, R2). Data is encrypted in transit (TLS) and access to production data is limited to the people operating the service.
We keep account and audit-log data for as long as your account is active. If you close your account or remove a site from your fleet, we delete the associated connection tokens and stop polling that site. You can request full account deletion at any time by emailing us.
You can access, correct, export, or delete your account data at any time from the dashboard, or by emailing hello@wpshake.com. If you're in the EU/UK, this includes the rights granted under GDPR.
If we make a material change, we'll update the date at the top of this page and, where appropriate, notify account holders by email.
Questions about this policy: hello@wpshake.com.