plugin-icon

Squish Site Patrol

投稿者: squishit·
Complete WordPress security, malware scanning, login protection, and performance monitoring in one clean dashboard.
バージョン
1.5.0
最終更新日時
Apr 12, 2026
Squish Site Patrol

Squish Site Patrol gives your WordPress site a complete health check — security hardening, malware scanning, login protection, and page speed in a single clean dashboard.

Two-Factor Authentication (2FA) * TOTP-based 2FA with QR code setup (Google Authenticator, Authy, etc.) * Custom branded interstitial login page — replaces the default wp-login.php flow * Per-user 2FA enrollment with recovery options

Login Protection * reCAPTCHA v3 on the login page (free tier, no checkbox required) * Geo IP country blocking — restrict logins by country via ipapi.co * Magic link login — send a one-time signed login link to your admin email (Patched) * Failed login attempt monitoring and alerts (Patched) * Detects predictable “admin” username

Security Checks * WordPress core version check * Plugin update status — flags outdated plugins * SSL / HTTPS detection * File editor status check (wp-admin editor) * wp-config.php permissions check (Patched) * XML-RPC status check (Patched) * Debug mode detection (Patched) * Admin account audit — flags inactive admin accounts (Patched) * Database prefix check — flags default wp_ prefix (Patched) * Directory listing detection (Patched) * HTTP security headers check (Patched)

Malware Scanner * Verifies all 3,000+ WordPress core files against official checksums * Detects PHP files hidden in your uploads folder * Scans for dangerous file types (.exe, .sh, .bat) in uploads * User enumeration vulnerability check * Flags any modified core files * Real-time file change monitoring with baseline comparison (Patched)

Email Breach Detection * Checks admin email addresses against HaveIBeenPwned (Patched) * Alerts you if any admin account appears in a known breach

Audit Log * Tracks logins, failed login attempts, plugin installs, settings changes, and scans * 90-day retention with full event history * Filter by event type — login, scan, settings, plugin activity and more * Recent activity strip on the main dashboard

Page Speed & Core Web Vitals * Live Google PageSpeed Insights score * Core Web Vitals — LCP, FCP, and CLS * Mobile performance scoring * Scan any public URL * Inline metric explanations

Reporting * Weekly HTML email reports with a full scan summary (Patched) * Scheduled automatic daily scans (Patched) * Email alerts when issues are detected (Patched) * SSL certificate expiry alerts (Patched)

Dashboard & UX * Clean two-panel layout — Security on the left, Scans & hardening on the right * Hardening tab consolidates all Patched checks in one place * Issues-only toggle on both panels — hide passing checks, focus on what needs fixing * Rescan button with toast notification (no page reload) * Dark mode toggle * Scan spinner and auto-scan status badge * Score cards hidden by default until first scan runs * Inline metric tooltips

Performance * Aggressive transient caching (12–24hr TTL) across all check classes * Zero front-end footprint — all scans run in wp-admin only

Squish Site Patrol Patched — $15/mo

Upgrade to Patched for automatic monitoring and advanced protection:

  • Scheduled automatic daily scans
  • Weekly HTML email reports
  • Email alerts when issues are found
  • Magic link login — passwordless one-time login links
  • Failed login attempt monitoring
  • SSL certificate expiry alerts
  • Real-time file change monitoring with baseline comparison
  • Reset file monitoring baseline after legitimate updates
  • wp-config.php permissions check
  • XML-RPC status check
  • Debug mode detection
  • HTTP security headers check
  • Admin account audit — flags inactive admin accounts
  • Database prefix check — flags default wp_ prefix
  • Directory listing detection
  • Email breach check via HaveIBeenPwned

External Services

Google PageSpeed Insights API

Used to analyze page speed and Core Web Vitals for any URL entered by the user. Data sent: the URL being scanned. This call is only made when the user clicks “Run scan”. * Service: https://developers.google.com/speed/docs/insights/v5/about * Privacy: https://policies.google.com/privacy * Terms: https://developers.google.com/terms

WordPress.org Checksums API

Used to verify the integrity of WordPress core files by comparing them against official checksums. No user data is sent — only the WordPress version number and locale. * Service: https://api.wordpress.org/core/checksums/1.0/ * Privacy: https://wordpress.org/about/privacy/

ipapi.co

Used to determine the country of origin for login attempts when Geo IP country blocking is enabled. Data sent: the visitor’s IP address. This check only runs on the login page when the feature is active. * Service: https://ipapi.co * Privacy: https://ipapi.co/privacy/

HaveIBeenPwned API (Patched only)

Used to check if admin email addresses appear in known data breach databases. Requires a valid HIBP API key configured in settings. * Service: https://haveibeenpwned.com/API/v3 * Privacy: https://haveibeenpwned.com/Privacy * Terms: https://haveibeenpwned.com/API/v3#license

Freemius

Used to manage the Patched premium subscription, licensing, and payments. Data sent upon upgrade: site URL, WordPress version, plugin version, and user email if the user opts in. * Service: https://freemius.com * Privacy: https://freemius.com/privacy/ * Terms: https://freemius.com/terms/

無料有料プラン
インストールすることで、WordPress.com の利用規約サードパーティプラグイン利用規約に同意したことになります。
最大テスト回数
WordPress 6.9.4
このプラグインをダウンロードして、 サイトに使用できます。