內容簡介
Squish Site Patrol 為您的 WordPress 網站提供全面的健康檢查,包括安全強化、惡意軟體掃描、登錄保護及頁面速度監測,所有功能均可在一個整潔的控制台中操作。
【主要功能】
• 兩步驟驗證(2FA)支持
• 登錄保護與 reCAPTCHA 整合
• 全面安全檢查與漏洞檢測
• 惡意軟體掃描與檔案監控
• 郵件洩漏檢測與警報
• 頁面速度與核心網頁指標分析
外掛標籤
開發者團隊
原文外掛簡介
Squish Site Patrol gives your WordPress site a complete health check — security hardening, malware scanning, login protection, and page speed in a single clean dashboard.
Two-Factor Authentication (2FA)
* TOTP-based 2FA with QR code setup (Google Authenticator, Authy, etc.)
* Custom branded interstitial login page — replaces the default wp-login.php flow
* Per-user 2FA enrollment with recovery options
Login Protection
* reCAPTCHA v3 on the login page (free tier, no checkbox required)
* Geo IP country blocking — restrict logins by country via ipapi.co
* Magic link login — send a one-time signed login link to your admin email (Patched)
* Failed login attempt monitoring and alerts (Patched)
* Detects predictable “admin” username
Security Checks
* WordPress core version check
* Plugin update status — flags outdated plugins
* SSL / HTTPS detection
* File editor status check (wp-admin editor)
* wp-config.php permissions check (Patched)
* XML-RPC status check (Patched)
* Debug mode detection (Patched)
* Admin account audit — flags inactive admin accounts (Patched)
* Database prefix check — flags default wp_ prefix (Patched)
* Directory listing detection (Patched)
* HTTP security headers check (Patched)
Malware Scanner
* Verifies all 3,000+ WordPress core files against official checksums
* Detects PHP files hidden in your uploads folder
* Scans for dangerous file types (.exe, .sh, .bat) in uploads
* User enumeration vulnerability check
* Flags any modified core files
* Real-time file change monitoring with baseline comparison (Patched)
Email Breach Detection
* Checks admin email addresses against HaveIBeenPwned (Patched)
* Alerts you if any admin account appears in a known breach
Audit Log
* Tracks logins, failed login attempts, plugin installs, settings changes, and scans
* 90-day retention with full event history
* Filter by event type — login, scan, settings, plugin activity and more
* Recent activity strip on the main dashboard
Page Speed & Core Web Vitals
* Live Google PageSpeed Insights score
* Core Web Vitals — LCP, FCP, and CLS
* Mobile performance scoring
* Scan any public URL
* Inline metric explanations
Reporting
* Weekly HTML email reports with a full scan summary (Patched)
* Scheduled automatic daily scans (Patched)
* Email alerts when issues are detected (Patched)
* SSL certificate expiry alerts (Patched)
Dashboard & UX
* Clean two-panel layout — Security on the left, Scans & hardening on the right
* Hardening tab consolidates all Patched checks in one place
* Issues-only toggle on both panels — hide passing checks, focus on what needs fixing
* Rescan button with toast notification (no page reload)
* Dark mode toggle
* Scan spinner and auto-scan status badge
* Score cards hidden by default until first scan runs
* Inline metric tooltips
Performance
* Aggressive transient caching (12–24hr TTL) across all check classes
* Zero front-end footprint — all scans run in wp-admin only
Squish Site Patrol Patched — $15/mo
Upgrade to Patched for automatic monitoring and advanced protection:
Scheduled automatic daily scans
Weekly HTML email reports
Email alerts when issues are found
Magic link login — passwordless one-time login links
Failed login attempt monitoring
SSL certificate expiry alerts
Real-time file change monitoring with baseline comparison
Reset file monitoring baseline after legitimate updates
wp-config.php permissions check
XML-RPC status check
Debug mode detection
HTTP security headers check
Admin account audit — flags inactive admin accounts
Database prefix check — flags default wp_ prefix
Directory listing detection
Email breach check via HaveIBeenPwned
External Services
Google PageSpeed Insights API
Used to analyze page speed and Core Web Vitals for any URL entered by the user. Data sent: the URL being scanned. This call is only made when the user clicks “Run scan”.
* Service: https://developers.google.com/speed/docs/insights/v5/about
* Privacy: https://policies.google.com/privacy
* Terms: https://developers.google.com/terms
WordPress.org Checksums API
Used to verify the integrity of WordPress core files by comparing them against official checksums. No user data is sent — only the WordPress version number and locale.
* Service: https://api.wordpress.org/core/checksums/1.0/
* Privacy: https://wordpress.org/about/privacy/
ipapi.co
Used to determine the country of origin for login attempts when Geo IP country blocking is enabled. Data sent: the visitor’s IP address. This check only runs on the login page when the feature is active.
* Service: https://ipapi.co
* Privacy: https://ipapi.co/privacy/
HaveIBeenPwned API (Patched only)
Used to check if admin email addresses appear in known data breach databases. Requires a valid HIBP API key configured in settings.
* Service: https://haveibeenpwned.com/API/v3
* Privacy: https://haveibeenpwned.com/Privacy
* Terms: https://haveibeenpwned.com/API/v3#license
Freemius
Used to manage the Patched premium subscription, licensing, and payments. Data sent upon upgrade: site URL, WordPress version, plugin version, and user email if the user opts in.
* Service: https://freemius.com
* Privacy: https://freemius.com/privacy/
* Terms: https://freemius.com/terms/
