Squish Site Patrol
Squish Site Patrol gives your WordPress site a complete health check — security hardening, malware scanning, login protection, and page speed in a single clean dashboard.
Two-Factor Authentication (2FA)
- TOTP-based 2FA with QR code setup (Google Authenticator, Authy, etc.)
- Custom branded interstitial login page — replaces the default wp-login.php flow
- Per-user 2FA enrollment with recovery options
Login Protection
- reCAPTCHA v3 on the login page (free tier, no checkbox required)
- Geo IP country blocking — restrict logins by country via ipapi.co
- Magic link login — send a one-time signed login link to your admin email (Patched)
- Failed login attempt monitoring and alerts (Patched)
- Detects predictable “admin” username
Security Checks
- WordPress core version check
- Plugin update status — flags outdated plugins
- SSL / HTTPS detection
- File editor status check (wp-admin editor)
- wp-config.php permissions check (Patched)
- XML-RPC status check (Patched)
- Debug mode detection (Patched)
- Admin account audit — flags inactive admin accounts (Patched)
- Database prefix check — flags default wp_ prefix (Patched)
- Directory listing detection (Patched)
- HTTP security headers check (Patched)
Malware Scanner
- Verifies all 3,000+ WordPress core files against official checksums
- Detects PHP files hidden in your uploads folder
- Scans for dangerous file types (.exe, .sh, .bat) in uploads
- User enumeration vulnerability check
- Flags any modified core files
- Real-time file change monitoring with baseline comparison (Patched)
Email Breach Detection
- Checks admin email addresses against HaveIBeenPwned (Patched)
- Alerts you if any admin account appears in a known breach
Audit Log
- Tracks logins, failed login attempts, plugin installs, settings changes, and scans
- 90-day retention with full event history
- Filter by event type — login, scan, settings, plugin activity and more
- Recent activity strip on the main dashboard
Page Speed & Core Web Vitals
- Live Google PageSpeed Insights score
- Core Web Vitals — LCP, FCP, and CLS
- Mobile performance scoring
- Scan any public URL
- Inline metric explanations
Reporting
- Weekly HTML email reports with a full scan summary (Patched)
- Scheduled automatic daily scans (Patched)
- Email alerts when issues are detected (Patched)
- SSL certificate expiry alerts (Patched)
Dashboard & UX
- Clean two-panel layout — Security on the left, Scans & hardening on the right
- Hardening tab consolidates all Patched checks in one place
- Issues-only toggle on both panels — hide passing checks, focus on what needs fixing
- Rescan button with toast notification (no page reload)
- Dark mode toggle
- Scan spinner and auto-scan status badge
- Score cards hidden by default until first scan runs
- Inline metric tooltips
Performance
- Aggressive transient caching (12–24hr TTL) across all check classes
- Zero front-end footprint — all scans run in wp-admin only
Squish Site Patrol Patched — $15/mo
Upgrade to Patched for automatic monitoring and advanced protection:
- Scheduled automatic daily scans
- Weekly HTML email reports
- Email alerts when issues are found
- Magic link login — passwordless one-time login links
- Failed login attempt monitoring
- SSL certificate expiry alerts
- Real-time file change monitoring with baseline comparison
- Reset file monitoring baseline after legitimate updates
- wp-config.php permissions check
- XML-RPC status check
- Debug mode detection
- HTTP security headers check
- Admin account audit — flags inactive admin accounts
- Database prefix check — flags default wp_ prefix
- Directory listing detection
- Email breach check via HaveIBeenPwned
External Services
Google PageSpeed Insights API
Used to analyze page speed and Core Web Vitals for any URL entered by the user. Data sent: the URL being scanned. This call is only made when the user clicks “Run scan”.
- Service: https://developers.google.com/speed/docs/insights/v5/about
- Privacy: https://policies.google.com/privacy
- Terms: https://developers.google.com/terms
WordPress.org Checksums API
Used to verify the integrity of WordPress core files by comparing them against official checksums. No user data is sent — only the WordPress version number and locale.
- Service: https://api.wordpress.org/core/checksums/1.0/
- Privacy: https://wordpress.org/about/privacy/
ipapi.co
Used to determine the country of origin for login attempts when Geo IP country blocking is enabled. Data sent: the visitor’s IP address. This check only runs on the login page when the feature is active.
- Service: https://ipapi.co
- Privacy: https://ipapi.co/privacy/
HaveIBeenPwned API (Patched only)
Used to check if admin email addresses appear in known data breach databases. Requires a valid HIBP API key configured in settings.
- Service: https://haveibeenpwned.com/API/v3
- Privacy: https://haveibeenpwned.com/Privacy
- Terms: https://haveibeenpwned.com/API/v3#license
Freemius
Used to manage the Patched premium subscription, licensing, and payments. Data sent upon upgrade: site URL, WordPress version, plugin version, and user email if the user opts in.
- Service: https://freemius.com
- Privacy: https://freemius.com/privacy/
- Terms: https://freemius.com/terms/
