內容簡介
Squish Site Patrol 為您的 WordPress 網站提供全面的健康檢查,包括安全強化、惡意軟體掃描、登錄保護及頁面速度監測,所有功能均可在一個整潔的控制台中操作。
【主要功能】
• 兩步驟驗證(2FA)支持
• 登錄保護與 reCAPTCHA 整合
• 全面安全檢查與漏洞檢測
• 惡意軟體掃描與檔案監控
• 郵件洩漏檢測與警報
• 頁面速度與核心網頁指標分析
外掛標籤
開發者團隊
原文外掛簡介
Squish Site Patrol gives your WordPress site a complete health check — security hardening, malware scanning, login protection, and page speed in a single clean dashboard.
Two-Factor Authentication (2FA)
* TOTP-based 2FA with QR code setup (Google Authenticator, Authy, etc.)
* Custom branded interstitial login page — replaces the default wp-login.php flow
* Per-user 2FA enrollment with recovery options
Login Protection
* reCAPTCHA v3 on the login page (free tier, no checkbox required)
* Geo IP country blocking — restrict logins by country via ipapi.co
* Failed login attempt monitoring and alerts (Patched)
* Detects predictable “admin” username
Security Checks
* WordPress core version check
* Plugin update status — flags outdated plugins
* SSL / HTTPS detection
* File editor status check (wp-admin editor)
* wp-config.php permissions check (Patched)
* XML-RPC status check (Patched)
* Debug mode detection (Patched)
* Admin account audit — flags inactive admin accounts (Patched)
* Database prefix check — flags default wp_ prefix (Patched)
* Directory listing detection (Patched)
Malware Scanner
* Verifies all 3,000+ WordPress core files against official checksums
* Detects PHP files hidden in your uploads folder
* Scans for dangerous file types (.exe, .sh, .bat) in uploads
* User enumeration vulnerability check
* Flags any modified core files
* Real-time file change monitoring with baseline comparison (Patched)
Email Breach Detection
* Checks admin email addresses against HaveIBeenPwned (Patched)
* Alerts you if any admin account appears in a known breach
Page Speed & Core Web Vitals
* Live Google PageSpeed Insights score
* Core Web Vitals — LCP, FCP, and CLS
* Mobile performance scoring
* Scan any public URL
* Inline metric explanations
Reporting
* Weekly HTML email reports with a full scan summary (Patched)
* Scheduled automatic daily scans (Patched)
* Email alerts when issues are detected (Patched)
* SSL certificate expiry alerts (Patched)
Dashboard & UX
* Categorized check panels — Login, Server, and Files (collapsible)
* Issues-only toggle — hide passing checks, focus on what needs fixing
* Rescan button with toast notification (no page reload)
* Card-based Settings UI with masked API keys
* Dark mode toggle
* Scan spinner and auto-scan status badge
* Inline metric tooltips
Performance
* Aggressive transient caching (12–24hr TTL) across all check classes
* Zero front-end footprint — all scans run in wp-admin only
Squish Site Patrol Patched — $15/mo
Upgrade to Patched for automatic monitoring and advanced protection:
Scheduled automatic daily scans
Weekly HTML email reports
Email alerts when issues are found
Failed login attempt monitoring
SSL certificate expiry alerts
Real-time file change monitoring with baseline comparison
Reset file monitoring baseline after legitimate updates
wp-config.php permissions check
XML-RPC status check
Debug mode detection
Admin account audit — flags inactive admin accounts
Database prefix check — flags default wp_ prefix
Directory listing detection
Email breach check via HaveIBeenPwned
Up to 3 sites
External Services
Google PageSpeed Insights API
Used to analyze page speed and Core Web Vitals for any URL entered by the user. Data sent: the URL being scanned. This call is only made when the user clicks “Run scan”.
* Service: https://developers.google.com/speed/docs/insights/v5/about
* Privacy: https://policies.google.com/privacy
* Terms: https://developers.google.com/terms
WordPress.org Checksums API
Used to verify the integrity of WordPress core files by comparing them against official checksums. No user data is sent — only the WordPress version number and locale.
* Service: https://api.wordpress.org/core/checksums/1.0/
* Privacy: https://wordpress.org/about/privacy/
ipapi.co
Used to determine the country of origin for login attempts when Geo IP country blocking is enabled. Data sent: the visitor’s IP address. This check only runs on the login page when the feature is active.
* Service: https://ipapi.co
* Privacy: https://ipapi.co/privacy/
HaveIBeenPwned API (Patched only)
Used to check if admin email addresses appear in known data breach databases. Requires a valid HIBP API key configured in settings.
* Service: https://haveibeenpwned.com/API/v3
* Privacy: https://haveibeenpwned.com/Privacy
* Terms: https://haveibeenpwned.com/API/v3#license
Freemius
Used to manage the Patched premium subscription, licensing, and payments. Data sent upon upgrade: site URL, WordPress version, plugin version, and user email if the user opts in.
* Service: https://freemius.com
* Privacy: https://freemius.com/privacy/
* Terms: https://freemius.com/terms/
