
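Overview
Summary:
Site Add-on Watchdog monitors your site's plugins and warns you when:
- Your installed version is two or more minor releases behind the directory version.
- The official changelog mentions security or vulnerability fixes.
- (Optional) WPScan lists CVE entries for the plugin when you provide your own API key.
Questions and answers:
1. When does Site Add-on Watchdog warn you?
- Answer: Site Add-on Watchdog warns you when your installed version is two or more minor releases behind the directory version. It also warns you when the official changelog mentions security or vulnerability fixes. In addition, when you provide your own API key, WPScan lists CVE entries for the plugin.
2. What is Site Add-on Watchdog's privacy policy?
- Answer: Site Add-on Watchdog's privacy policy includes not sending any plugin inventory or telemetry off-site by default. When you opt in to the optional webhooks, only the detected risks are submitted. In addition, WPScan lookups run only when you add your personal API token.
3. Which admin tools does Site Add-on Watchdog provide?
- Answer: Site Add-on Watchdog provides a dashboard page that shows the current risk list and a manual scan button. There is also an ignore list to suppress noisy plugins. Notification settings can be configured to send to email, Discord, Slack, Microsoft Teams, or a generic webhook.
4. Through which channels can Site Add-on Watchdog send notifications?
- Answer: Site Add-on Watchdog can send notifications via email, Discord, Slack, Microsoft Teams, or a generic webhook. You can send notifications to one or more recipients (comma separated). When a notification fails to deliver, the failure is logged and highlighted on the Watchdog admin screen.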
Original plugin description
Site Add-on Watchdog keeps an eye on your site’s plugins and warns you when:
- Your installed version is two or more minor releases behind the directory build.
- The official changelog mentions security or vulnerability fixes.
- (Optional) WPScan lists open CVEs for the plugin when you provide your own API key.
The plugin runs on a schedule you control—choose daily, weekly, a twenty-minute testing cadence, or rely on manual scans—and stores results locally. Nothing leaves your site unless you explicitly configure outgoing notifications.
Privacy first
- No plugin inventory or telemetry is ever sent off-site by default.
- Optional webhooks are opt-in and only post the detected risks.
- WPScan lookups only run when you add your personal API token.
Admin tools
- Dashboard page with the current risk list and manual scan button.
- Ignore list to suppress noisy plugins.
- Notification settings for email, Discord, Slack, Microsoft Teams, or a generic webhook.
Notifications
- Email: send to one or more recipients (comma separated).
- Discord: post to a channel via webhook.
- Slack: connect via an incoming webhook to post alerts into any workspace channel.
- Microsoft Teams: send adaptive card style notices through an incoming webhook connector.
- Generic webhook: post JSON payload to any endpoint you control, with optional HMAC signatures.
Failed deliveries are logged and highlighted on the Watchdog admin screen so you can reconfigure or resend manually.
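A receiver-side check for the generic webhook's optional HMAC signatures, as an added example that is not part of the plugin or its documentation. The header name, the use of HMAC-SHA256 over the raw body with hex encoding, the shared secret and the payload fields are all assumptions; take the real values from the plugin's source and settings.

```python
import hashlib
import hmac
import json
from typing import Optional

# Assumption: the sender computes HMAC-SHA256 over the raw request body and
# sends it hex-encoded. Confirm the real scheme in the plugin source.
SIGNATURE_HEADER = "X-Watchdog-Signature"  # hypothetical header name


def sign(secret: bytes, raw_body: bytes) -> str:
    """Signature the sending side would produce under the assumed scheme."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, headers: dict) -> Optional[dict]:
    """Return the parsed payload if the signature is valid, otherwise None."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    supplied = lowered.get(SIGNATURE_HEADER.lower())
    if not supplied:
        return None  # unsigned delivery: reject once a secret is configured
    expected = sign(secret, raw_body)
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.strip().lower().encode()):
        return None
    # Parse only after authentication, from the exact bytes that were signed.
    try:
        return json.loads(raw_body)
    except ValueError:
        return None


# Constructed sample delivery; field names are illustrative, not the plugin's.
SECRET = b"constructed-shared-secret"
BODY = b'{"risks": [{"plugin": "example-plugin", "reason": "security fix"}]}'
HEADERS = {"x-watchdog-signature": sign(SECRET, BODY)}

if __name__ == "__main__":
    tampered = BODY.replace(b"example", b"another")
    print("valid:   ", verify_webhook(SECRET, BODY, HEADERS))
    print("tampered:", verify_webhook(SECRET, tampered, HEADERS))
    print("unsigned:", verify_webhook(SECRET, BODY, {}))
```

Verify against the raw bytes as received; re-serialising the JSON before hashing changes whitespace or key order and makes valid deliveries fail.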
Troubleshooting
Scheduled scans are not running
Watchdog relies on WP-Cron to trigger scheduled scans and notifications. If you have set DISABLE_WP_CRON to true or your site receives very little traffic (so WP-Cron rarely runs), configure a system cron job to call either wp-cron.php or the plugin’s REST endpoint. The admin Delivery health panel lists the REST URL you can target; a typical example looks like this:
curl -X POST https://example.com/wp-json/site-add-on-watchdog/v1/cron
Testing-mode notifications also rely on this trigger, so be sure your cron job is running when validating delivery.
CLI Usage
Watchdog bundles a WP-CLI command so you can run scans outside of the WordPress admin. All examples below assume the command is executed from a shell where wp (WP-CLI) is available.
wp watchdog scan [--notify=
--notify (optional): Accepts true or false (defaults to true). When set to false, Watchdog will skip any configured email or webhook notifications and only record the scan locally.
Examples:
- Run a scan and send notifications (default): wp watchdog scan
- Run a scan silently (skip notifications): wp watchdog scan --notify=false
Recommended workflow: on CI/CD platforms, add a job step that boots your WordPress/WP-CLI container, runs pending database migrations if needed, and then calls wp watchdog scan --notify=false to verify the plugin state without spamming production channels. Promote to production by rerunning the same command with notifications enabled when you are ready to alert your team.
Development
The development repository is available on GitHub: https://github.com/happyloa/Site-Add-on-Watchdog. Clone it locally to review the source or run the test suite.
