Fix: Only auto register settings if the plugin the connector references is installed and active

[jorgefilipecosta]

_wp_register_default_connector_settings() in
src/wp-includes/connectors.php is hooked to init (priority 20) and walks
every connector returned by wp_get_connectors(). For each connector that
declares authentication.method = 'api_key' and an
authentication.setting_name, it calls register_setting( 'connectors', … )
so the setting is registered and available.

Before this change, the only gate applied to non-AI connector types was that the setting had not already been registered. In practice this meant:

1. A connector for plugin B registered by another plugin (plugin A) would have its API key setting auto-registered even when the owning service plugin was not installed or not active.
2. The "orphan" setting then appeared in the /wp-json/wp/v2/settings response for a service that could not actually consume them.
3. For ai_provider connectors this was already handled — the function skipped providers that the AI Client registry did not know about — but the equivalent guard was missing for every other connector type.

The root cause is that the non-AI branch had no mechanism to ask the owning
plugin "are you actually here?" before exposing the setting.

Uses is_active connector proposed by @iamadisingh at https://core.trac.wordpress.org/ticket/65020.

PR fixing this issue at ​https://github.com/WordPress/wordpress-develop/pull/11564.

Testing

Verify the connectors page works as before.
Verify the unit tests pass.

[iamadisingh]

Hi @jorgefilipecosta, updated PR ​https://github.com/WordPress/wordpress-develop/pull/11565 to address this issue.

_wp_register_default_connector_settings() now checks whether the owning plugin is active before registering the api_key setting for non-AI connectors. Uses the is_active callback if provided, falling back to is_plugin_active(). If neither confirms the plugin is active, registration is skipped.

## Summary

• keep connector setting auto-registration unchanged for AI providers
• only auto-register non-AI connector settings when plugin.is_active exists, is callable, and returns true
• add focused PHPUnit coverage for the AI and non-AI registration paths
• The current behavior is wrong if plugin A registers a connector for plugin B we were having a bug where its settings were registered and exposed in REST even if plugin B was not installed and activated. This fixes the issue.

Ticket: https://core.trac.wordpress.org/ticket/65099
## Testing

• Verify the connectors page works as before.
• Verify the unit tests pass.

[jorgefilipecosta]

Hi @iamadisingh, thanks so much for your work on this! Unfortunately, I don't think we can go with the approach in ​https://github.com/WordPress/wordpress-develop/pull/11565. is_plugin_active isn't something we should be calling in REST API requests, for example. I've actually been handling this over in #11564.
What do you think about reverting your PR to just include the is_active callback addition as before? That approach was working well and was good to go, and then we could land your PR alongside #11564. Would that work for you?
Thanks again for the help here! 🙏

Replying to iamadisingh:

Hi @jorgefilipecosta, updated PR ​https://github.com/WordPress/wordpress-develop/pull/11565 to address this issue.

_wp_register_default_connector_settings() now checks whether the owning plugin is active before registering the api_key setting for non-AI connectors. Uses the is_active callback if provided, falling back to is_plugin_active(). If neither confirms the plugin is active, registration is skipped.

[iamadisingh]

Done @jorgefilipecosta. I’ve narrowed the PR back to the original is_active callback scope and left the broader plugin-registration guard for ​https://github.com/WordPress/wordpress-develop/pull/11564, as you suggested.

[JeffPaul]

@gziolo this looks like its ready for review and consideration for commit

[audrasjb]

As per today's bug scrub: @peterwilsoncc left a good point in ​this comment. Waiting for @jorgefilipecosta to update his PR.
Otherwise the changeset looks good to me.

[gziolo]

It's looking solid after the round of feedback applied.

[jorgefilipecosta]

In 62289:

Connectors: Gate default setting auto-registration on is_active.

Update _wp_register_default_connector_settings() to register a connector's
default API key setting only when the connector's plugin.is_active callback
returns true.
Add tests covering the gate's branches: setting skipped when is_active
returns false, setting registered when it returns true.

Props jorgefilipecosta, gziolo, peterwilsoncc.
Fixes #65099.

[JeffPaul]

Reopening for merge to the 7.0 branch pending committer sign off.

[desrosj]

[62289] looks good to backport.

[desrosj]

In 62306:

Connectors: Gate default setting auto-registration on is_active.

Update _wp_register_default_connector_settings() to register a connector's default API key setting only when the connector's plugin.is_active callback returns true.

Add tests covering the gate's branches: setting skipped when is_active returns false, setting registered when it returns true.

Reviewed by desrosj.
Merges [62289] to the 7.0 branch.

Props jorgefilipecosta, gziolo, peterwilsoncc.
Fixes #65099.