SiteSignal

SiteSignal is an AI Visibility & Website Health Platform designed to help organisations understand how their brand is represented by AI systems and maintain the technical clarity, stability, and reliability those systems rely on.

SiteSignal unifies five core areas: – AI Visibility — how often and how accurately AI systems mention your brand – AI Visibility Strategy — insights and recommendations for improving visibility – Website Health — foundational structural and technical signals – Website Performance — speed, stability, and reliability – Technical Audits — continuous assessment of clarity, structure, metadata, and discoverability factors

The SiteSignal WordPress plugin acts as a secure data connection between your website and the SiteSignal platform. It collects verified technical, structural, security, and performance signals from your site and transmits them to your SiteSignal dashboard for continuous analysis and monitoring.

Through this plugin, SiteSignal is able to: – Monitor foundational website health signals – Track performance stability and availability – Validate structural clarity and technical integrity – Support continuous technical audits – Ensure accurate and consistent data for AI visibility analysis

The plugin does not perform optimisation, marketing actions, or visibility manipulation. Its role is strictly to provide reliable technical data that powers analysis inside the SiteSignal platform.

External Services: This plugin connects to external services including ip-api.com for IP geolocation, api.wordpress.org for WordPress core information, and api.github.com for enhanced plugin analysis. See the “External Services” section below for complete details about data transmission and privacy.

Key Features

• Login Monitoring – Track successful and failed login attempts with detailed information including IP addresses, user agents, and geographic data
• WordPress Core Status – Monitor WordPress version and check for available updates
• Plugin Monitoring – Track active plugins, their versions, and available updates with intermediate version information
• Theme Monitoring – Monitor active theme status and available updates
• File Integrity Checking – Verify WordPress core files against official checksums to detect unauthorized modifications
• WooCommerce Integration – Monitor recent orders when WooCommerce is active
• REST API Support – External access to monitoring data via secure API endpoints
• Sync Functionality – Incremental data synchronization with external monitoring systems

Security Features

• API key verification with external monitoring systems
• Secure authentication for REST API endpoints
• Input sanitization and validation
• File integrity monitoring with checksum verification
• Login attempt tracking with geographic information
• Nonce protection for form submissions

REST API Endpoints

When an API key is configured, the following endpoints are available:

• /wp-site-monitor/v1/site-info – General site information
• /wp-site-monitor/v1/logins – Login attempt logs
• /wp-site-monitor/v1/logins/sync – Incremental login data sync
• /wp-site-monitor/v1/core-version – WordPress core version status
• /wp-site-monitor/v1/plugins – Active plugins information
• /wp-site-monitor/v1/themes – Theme information
• /wp-site-monitor/v1/integrity – File integrity check results
• /wp-site-monitor/v1/orders – WooCommerce orders (if WooCommerce is active)

Use Cases

• Website Security Monitoring – Track login attempts and detect suspicious activity
• Maintenance Management – Monitor WordPress core, plugin, and theme updates across multiple sites
• File Integrity Verification – Detect unauthorized changes to WordPress core files
• External Monitoring Integration – Connect with external monitoring systems via REST API
• WooCommerce Store Monitoring – Keep track of recent orders and store activity

Requirements

• WordPress 5.0 or higher
• PHP 7.4 or higher
• Optional: WooCommerce plugin for order monitoring features

External Services

This plugin connects to the following external services to provide its functionality:

IP Geolocation Service (ip-api.com)

• Purpose: Obtain geographical location information for login monitoring and security analysis
• Data sent: User’s IP address only
• When: Each time a user logs in to your WordPress site (if geolocation is enabled)
• Frequency: Once per login attempt
• Data retention: This plugin does not store data from this service permanently
• Privacy Policy: http://ip-api.com/docs/legal
• Terms of Service: http://ip-api.com/docs/legal
• User Control: Site administrators can disable geolocation in plugin settings

WordPress Core API (api.wordpress.org)

• Purpose: Check for available WordPress core updates, plugin information, and core file checksums
• Data sent: Current WordPress version, site URL (as User-Agent header), plugin slugs, and locale information
• When: During scheduled update checks and plugin analysis (typically daily)
• Frequency: Multiple times per day during normal plugin operation
• Data retention: This plugin does not store data from this service permanently
• Privacy Policy: https://wordpress.org/about/privacy/
• Terms of Service: https://wordpress.org/about/gpl/
• User Control: This is essential for plugin functionality and cannot be disabled

GitHub API (api.github.com)

• Purpose: Analyze plugin update information from GitHub repositories for enhanced update type detection
• Data sent: Repository information and release data requests
• When: During plugin update analysis (when available)
• Frequency: During plugin update checks (typically daily)
• Data retention: This plugin caches repository information temporarily (24 hours)
• Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
• Terms of Service: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service
• User Control: This is part of the enhanced plugin analysis feature

Data Handling and Privacy

• Local Storage: All monitoring data is stored locally in your WordPress database
• No Personal Data: The plugin does not collect personal user information beyond what’s necessary for monitoring
• Data Retention: Login logs are automatically deleted based on your configured retention period (default: 90 days)
• External Transmission: Data is only sent to external services as described above
• User Rights: Site administrators can clear all plugin data at any time

GDPR Compliance

This plugin respects user privacy and GDPR guidelines: * IP address geolocation is optional and can be disabled * Login monitoring data is stored locally and automatically purged * No personal data is transmitted to external services beyond IP addresses for geolocation * Users can request deletion of their monitoring data through the site administrator

Disabling External Services

• Geolocation: Can be disabled in plugin settings (Settings > Geolocation)
• WordPress API: Cannot be disabled as it’s essential for core functionality
• GitHub API: Used automatically when available, no separate disable option

Privacy Policy

Data Collection

SiteSignal collects and stores the following information locally in your WordPress database:

• Login Attempts: Usernames, IP addresses, user agents, timestamps, and login success/failure status
• System Information: WordPress version, plugin/theme information, file checksums
• WooCommerce Data: Order information if WooCommerce is active (order IDs, customer names, amounts, status)

External Services

This plugin connects to external services as detailed in the “External Services” section above: * IP geolocation via ip-api.com (optional) * WordPress core information via api.wordpress.org (required) * GitHub repository analysis via api.github.com (automatic)

Data Retention

• Login logs are automatically deleted based on your configured retention period (default: 90 days)
• System monitoring data is refreshed during each check
• External service data is not stored permanently

User Rights

• Site administrators can clear all plugin data at any time
• Geolocation can be disabled in plugin settings
• Users can request deletion of their login attempt data through the site administrator

GDPR Compliance

This plugin respects user privacy and follows GDPR guidelines. No personal data is transmitted to external services except IP addresses for optional geolocation purposes.