Description
Squish Site Patrol gives you a complete health check for your WordPress site in one place — page speed, security, and malware scanning in a single clean dashboard.
Page Speed
* Live Google PageSpeed Insights score
* Core Web Vitals — LCP, FCP, and CLS
* Mobile performance scoring
* Scan any public URL
* Inline metric explanations so you know what each score means
Security
* WordPress core version check
* Detects predictable “admin” username
* Plugin update status
* SSL / HTTPS detection
* File editor status check
Malware Scanner
* Verifies all 3,000+ WordPress core files against official checksums
* Detects PHP files hidden in your uploads folder
* Scans for dangerous file types (.exe, .sh, .bat) in uploads
* User enumeration vulnerability check
* Flags any modified core files
Quality of Life
* Dark mode toggle
* Scanning spinner so you know when a scan is running
* Auto-scan status badge in the scan bar (Patched)
Squish Site Patrol Patched — $15/mo
Upgrade to Patched for automatic scans and advanced monitoring:
- Scheduled automatic daily scans
- Email scan reports when issues are found
- Failed login attempt monitoring
- wp-config.php permissions check
- SSL certificate expiry alerts
- Real-time file change monitoring with baseline comparison
- Debug mode detection
- XML-RPC status check
- Admin account audit — flags inactive admin accounts
- Database prefix check — flags default wp_ prefix
- Directory listing detection
- Email breach check via HaveIBeenPwned
- Reset file monitoring baseline after legitimate updates
- Up to 3 sites
External Services
This plugin connects to the following external services:
Google PageSpeed Insights API
Used to analyze page speed and Core Web Vitals for any URL entered by the user. Data sent: the URL being scanned. This call is only made when the user clicks “Run scan”.
* Service: https://developers.google.com/speed/docs/insights/v5/about
* Privacy: https://policies.google.com/privacy
* Terms: https://developers.google.com/terms
WordPress.org Checksums API
Used to verify the integrity of WordPress core files by comparing them against official checksums. No user data is sent — only the WordPress version number and locale.
* Service: https://api.wordpress.org/core/checksums/1.0/
* Privacy: https://wordpress.org/about/privacy/
HaveIBeenPwned API (Patched only)
Used to check if admin email addresses appear in known data breach databases. Requires a valid HIBP API key configured in settings.
* Service: https://haveibeenpwned.com/API/v3
* Privacy: https://haveibeenpwned.com/Privacy
* Terms: https://haveibeenpwned.com/API/v3#license
Freemius
Used to manage the Patched premium subscription, licensing, and payments. Data sent upon upgrade: site URL, WordPress version, plugin version, and user email if the user opts in.
* Service: https://freemius.com
* Privacy: https://freemius.com/privacy/
* Terms: https://freemius.com/terms/
Installation
- Upload the plugin files to
/wp-content/plugins/squish-site-patrol - Activate the plugin through the Plugins screen in WordPress
- Go to Squish Site Patrol Settings and enter your Google API key
- Click Squish Site Patrol in the sidebar and run your first scan
Where do I get a Google API key?
Go to console.cloud.google.com, create a project, enable the PageSpeed Insights API, and generate an API key under Credentials. It’s free.
FAQ
-
Does this plugin slow down my site?
-
No. Scans only run when you manually click “Run scan” in the admin panel. Nothing runs on the front end.
-
Is the malware scan automatic?
-
In the free version scans run on demand. Scheduled automatic daily scanning is available in Squish Site Patrol Patched.
-
What does the malware scanner actually check?
-
It compares every WordPress core file on your server against the official checksums published by WordPress.org. Any file that does not match gets flagged immediately. It also scans your uploads folder for PHP files, dangerous file types, and checks for user enumeration vulnerabilities.
-
What is file change monitoring?
-
Patched users get a baseline snapshot of all plugin and theme files. On every scheduled scan, Squish Site Patrol compares the current files against that baseline and alerts you to any unexpected changes — modified, added, or removed files.
-
Do you offer refunds?
-
All sales are final. We recommend trying the free version thoroughly before upgrading to Patched.
-
What is Squish Site Patrol Patched?
-
Patched is the paid tier of Squish Site Patrol at $15/month. It adds automatic scheduled scans, email reports, login monitoring, SSL expiry alerts, file change monitoring, breach detection, and much more.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Squish Site Patrol” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Squish Site Patrol” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.1.0
- Added scheduled automatic daily scans (Patched)
- Added email scan reports when issues are detected (Patched)
- Added real-time file change monitoring with baseline comparison (Patched)
- Added SSL certificate expiry alerts (Patched)
- Added wp-config.php permissions check (Patched)
- Added failed login attempt monitoring (Patched)
- Added debug mode detection (Patched)
- Added XML-RPC status check (Patched)
- Added admin account audit for inactive admins (Patched)
- Added database prefix check (Patched)
- Added directory listing detection (Patched)
- Added email breach check via HaveIBeenPwned (Patched)
- Added reset file monitoring baseline button (Patched)
- Added suspicious file type detection in uploads (.exe, .sh, .bat)
- Added user enumeration vulnerability check
- Added dark mode toggle with localStorage persistence
- Added scanning spinner on Run scan button
- Added auto-scan status badge in scan bar
- Added inline metric tooltips (Performance, LCP, CLS, FCP)
- Score cards now show before a scan with placeholder values
- Improved dashboard layout and branding
1.0.0
- Initial release
- PageSpeed Insights integration with Core Web Vitals
- Security checker with 5 live checks
- WordPress core file integrity scanner
- PHP-in-uploads detection