Select one or more tags, then press “Search Plugins”

Find Plugin with any / all of the selected criteria
Search Plugin

PressVitals Site Auditor Wordpress Plugin - Rating, Reviews, Demo & Download

PressVitals Site Auditor Preview Wordpress Plugin - Rating, Reviews, Demo & Download
No ratings yet
Free
Follow for free plugins, new theme releases and theme news

Plugin Description

PressVitals Site Auditor is a headless-first diagnostic engine. It runs a
suite of read-only probes across performance, security, deliverability and
database health, assigns each a severity tier, rolls them up into a worst-of
verdict, and exposes the result where automation can actually consume it: a
token-gated REST report, a daily cron with email alerts, and a categorized admin
dashboard.

It is dependency-free — no WooCommerce, no page builder, no other plugin
required — and pluggable: every probe is registered through a filter, so the
22+ built-in probes are just the starting point. The architecture is designed
to scale to 48+ probes in production; register your own via
pvsa_registered_checks.

How is this different from the built-in Site Health?

WordPress core’s Tools Site Health is excellent, but it is an on-demand,
admin-only
tool: you open a screen, it runs its status tests, and the Debug tab
prints a static environment dump for support. PressVitals is built for a different
job — continuous, automated, machine-readable monitoring and auditing:

  • Headless / API-first. Core Site Health has no public report API. PressVitals
    exposes a no-auth /ping liveness probe and a token-gated /report JSON
    endpoint (HTTP 503 on a failing verdict) so an external uptime monitor,
    status page, or CI pipeline can read site health without logging in.
  • Scheduled + alerting. Core never runs on a schedule and never tells you
    when something breaks. PressVitals runs daily via WP-Cron and emails the admin
    when the verdict is fail
    .
  • Severity tiers + worst-of verdict. Core labels results good/recommended/
    critical. PressVitals assigns each probe a 1–5 severity tier and computes a
    single rolled-up verdict suitable for a green/red status signal.
  • Probes core does not have. TLS certificate-expiry countdown (core only
    checks that HTTPS works today), .env/secret-file web exposure, a web-root
    stray-backup scanner, baseline security headers (HSTS / X-Frame-Options / …),
    forced-HTTPS redirect, XML-RPC exposure, default-admin-username detection,
    SPF + DMARC email-DNS records, homepage indexability, and database-bloat
    (expired transients / revisions / spam) checks.
  • Pluggable + configurable. Core’s tests are fixed. PressVitals lets any plugin
    or theme register probes via a filter and tune every threshold via filters.

Think of it as the layer on top of Site Health: the same read-only philosophy,
re-pointed at automation, alerting, and security/ops auditing.

Built-in probes

PressVitals ships 29 built-in probes, grouped by functional category:

  • Availability — database connectivity, homepage HTTPS reachability.
  • Security.env not web-accessible (HTTP) and not exposed on disk,
    web-root stray/backup file scan, TLS certificate expiry, baseline security
    headers, forced HTTPS, XML-RPC exposure, no default admin user,
    wp-config.php permissions, user-enumeration exposure, error-display off.
  • Errors — error-log size, recent PHP fatal errors.
  • Database — core tables present, non-core/orphaned tables, autoloaded-options
    size, database bloat.
  • Files — free disk space, uploads-directory writability, recent backup.
  • Email — SPF + DMARC DNS records for the sending domain.
  • SEO — homepage is indexable (not noindex).
  • Performance — PHP memory limit, persistent object cache.
  • Environment — supported PHP version, WordPress core update available,
    plugin updates pending.

Extend it with your own checks

Probes are not hardcoded — the engine collects them from a filter, so any plugin
or theme can register its own:

add_filter( 'pvsa_registered_checks', function ( array $checks ) {
    $checks['my_queue_backlog'] = array(
        'label'    => 'Job queue backlog',
        'group'    => 'Performance',
        'tier'     => 2,
        'callback' => function () {
            $pending = my_count_pending_jobs();
            return $pending > 1000
                ? array( 'status' => 'warn', 'detail' => "$pending jobs pending" )
                : array( 'status' => 'pass', 'detail' => "$pending jobs pending" );
        },
    );
    return $checks;
} );

A callback returns array( 'status' => 'pass'|'warn'|'fail', 'detail' => '…' ).

Developer filters

  • pvsa_registered_checks — register/override probes.
  • pvsa_setting_{key} — override a stored threshold at read time.
  • pvsa_alert_email — change the failure-alert recipient.
  • pvsa_http_timeout, pvsa_disk_free_min_bytes, pvsa_memory_min_bytes,
    pvsa_fatal_lookback_hours, pvsa_fatal_scan_max_bytes — tune environment probes.
  • pvsa_ssl_warn_days, pvsa_ssl_fail_days — TLS expiry thresholds.
  • pvsa_backup_warn_days, pvsa_backup_fail_days — backup-recency thresholds.
  • pvsa_last_backup_timestamp — report your last successful backup time (UNIX) so
    the backup probe works with any backup plugin, host, or off-site service.
  • pvsa_backup_plugins — list of backup-plugin basenames recognised by presence.
  • pvsa_max_expired_transients, pvsa_max_revisions, pvsa_max_spam_comments
    database-bloat thresholds.
  • pvsa_known_tables — full table names to treat as expected (silences the
    non-core/orphaned-tables probe for legitimate plugin tables).
  • pvsa_orphan_tables_warn — non-core table count above which the probe warns.
  • pvsa_sending_domain — domain used for the SPF/DMARC lookup.

Compatibility

PressVitals has no plugin dependencies and runs on virtually any WordPress
install — single-site or multisite, with or without WooCommerce, page builders,
or a backup plugin. It calls only core WordPress APIs and guards every optional PHP
function (disk_free_space, stream_socket_client/OpenSSL, dns_get_record,
WP_Filesystem), degrading a probe to a neutral pass/skip when something isn’t
available rather than erroring. The backup probe is backup-agnostic: it reads
UpdraftPlus directly, recognises other common backup plugins, and lets any other
backup solution (including host-level backups) report in via
pvsa_last_backup_timestamp.

Development

Two local workflows are scaffolded (both Docker-based; neither ships in the
package):

Automated tests — wp-env (recommended): requires Docker + Node.js.
npm -g install @wordpress/env, then wp-env start and
wp-env run tests-cli –env-cwd=wp-content/plugins/pressvitals-site-auditor vendor/bin/phpunit.
Switch versions by editing core / phpVersion in .wp-env.json and running
wp-env start –update. Without Docker, run the suite the classic way:
composer install, bin/install-wp-tests.sh wordpress_test root '' localhost,
composer test. A GitHub Actions workflow runs PHPUnit across PHP
7.4 / 8.0 / 8.2 / 8.3.

Manual multi-version testing — docker-compose: docker compose up -d boots
three browsable installs at fixed WordPress x PHP combos (WP 6.7/PHP 8.3,
WP 6.4/PHP 8.1, WP 6.3/PHP 7.4) on ports 8083 / 8081 / 8074, each with the plugin
mounted. See docker-compose.yml for details.

Screenshots

No screenshots provided


Reviews & Comments