SPM by Marwan

SPM by Marwan is a professional-grade diagnostics and intelligence platform designed for WordPress administrators and developers. It provides deep visibility into your WordPress ecosystem, offering real-time monitoring, security auditing, and performance profiling to ensure your site remains fast, secure, and stable.

The Problem

Managing a modern WordPress ecosystem is inherently complex. Site owners and developers frequently struggle with:

• Slow Extensions: Identifying which specific extension is degrading page load times or consuming excessive server resources.
• Hidden PHP Errors: Unseen warnings and fatal errors that silently break functionality or create vulnerabilities.
• Security Risks: Unmaintained, abandoned, or vulnerable code exposing the site to potential exploits.
• Trust Issues: Uncertainty regarding an extension’s origin, development standards, and code quality.
• Update Degradation: Performance regressions and unexpected conflicts introduced immediately after updates.

Core Features

• Real-Time Monitoring Engine: Actively tracks resource consumption, database queries, and execution times for every active extension. Identifies performance bottlenecks as they happen, preventing systemic slowdowns.
• Performance Diagnostics: Deep-dive profiling for individual extensions. Analyzes memory footprint and script execution to provide actionable intelligence on resource utilization.
• Security & Integrity Scanner: Proactively audits installed extensions against known vulnerability databases, flags high-risk code patterns, and verifies WordPress core files against official checksums to detect malicious tampering.
• Japanese SEO Spam Auto-Fix Engine: A specialized, deep-scanning engine designed to detect and eradicate the notorious “Japanese Keyword Hack”. Features a one-click Auto-Fix that intelligently restores or quarantines hijacked posts to protect your Google ranking without destroying your original content.

Advanced Security: Defeating the Japanese SEO Keyword Hack

The “Japanese Keyword Hack” is a devastating black-hat SEO attack where hackers exploit vulnerabilities in outdated plugins to inject massive amounts of auto-generated Japanese text and malicious links into your database and core files. This causes Google to flag your site as “hacked,” instantly destroying your SEO ranking.

SPM by Marwan includes a highly specialized engine specifically built to defeat this attack:

• Deep Database Scanning: Actively crawls your wp_posts and wp_options tables, utilizing advanced Unicode block detection to find injected Japanese Hiragana, Katakana, and Kanji spam hidden within your legitimate content.
• Intelligent Auto-Fix (No Data Loss): When you click “Auto-Fix”, the scanner doesn’t just blindly delete your hijacked posts. Instead, it scans the WordPress Revision History for each infected post. It finds the last “clean” version of your post (before the hacker touched it) and seamlessly restores it.
• Fail-Safe Quarantining: If a post was created entirely by the hacker (meaning no clean revision exists), or if you have revisions disabled, the engine will safely quarantine the post by setting its status to Draft. This instantly removes the spam from the public internet—stopping the SEO bleed—while preserving the draft in your admin panel so you don’t lose any data.
• Orphaned File Detection: Scans your entire server structure to locate and quarantine backdoor PHP scripts that hackers leave behind to reinfect your site after you clean it.
• Core Checksum Verification: Verifies every single WordPress core file against the official WordPress.org cryptographic checksums to detect hidden cloaking scripts.
• Trust Verification: Evaluates code based on developer reputation, update frequency, repository standing, and code integrity. Establishes a trust score to help you make informed decisions about your technology stack.
• Historical Analytics: Maintains a robust ledger of performance and security metrics over time. Visualizes trends to help you understand the long-term impact of specific extensions and updates.
• Action Layer (Scan / Safe Mode / Reporting): Provides immediate remediation tools. Execute targeted scans, isolate problematic extensions using Safe Mode, and generate comprehensive diagnostics reports.

External Services

This plugin utilizes the WordPress.org Plugins API (https://api.wordpress.org) to verify plugin licenses and retrieve information about installed plugins. * What data is sent: The names and slugs of your active plugins are sent in the API request. * When it is sent: Data is sent when the plugin performs a scheduled background scan or when you manually click “Deep Scan” or “Refresh Now” on the dashboard. * Why it is used: To verify that the plugins running on your site are authentic, properly licensed, and available on the official WordPress.org directory, which enhances your site’s security and trust metrics.

For more information, please refer to the WordPress.org Privacy Policy.