BloomWatcher – Live Server & Site Health Dashboard

Description

BloomWatcher turns wp-admin into a gorgeous, live status dashboard for the server your site runs on. No SaaS dashboard, no Grafana, no Linux know-how — just open the dashboard and watch your whole stack breathe. (It does make a few small, cached lookups for plugin-update and TLS data — see “External services” below.)

Most “monitoring” plugins only look at WordPress. This one looks at the whole stack — the server, the web server, PHP, the database, TLS, DNS and WordPress itself — then grades it with an actionable health score.

Built for self-hosted WordPress on a VPS (DigitalOcean, Hetzner, Linode, etc.) and the agencies and freelancers who manage them.

Free features

  • CPU usage, load average and core count (animated ring gauge)
  • Memory used / total
  • Disk usage for the WordPress filesystem
  • Network throughput and connection count
  • Top processes by CPU
  • System uptime, hostname, kernel, OS
  • PHP version, SAPI, memory limit, OPcache status
  • Database engine, version, connection status, query count
  • Web server detection (nginx / Apache / LiteSpeed) and version
  • SSL certificate days-until-expiry with issuer
  • DNS check — does the domain actually point at this server?
  • WordPress version and pending core / plugin / theme updates
  • Autoload analysis — find the autoloaded options bloating every request
  • Health Diagnosis — a scored (0–100) security, performance and maintenance check-up with an A–D grade and prioritised findings, refreshed on demand
  • Live updates every few seconds, Apple-Home-style cards, dark mode, mobile friendly
  • Degrades gracefully on restricted hosts (shows “N/A” instead of breaking)

It’s genuinely useful on day one, for a single site, completely free.

Privacy

Your server and WordPress metrics are read locally and shown only to logged-in administrators — they are never sent to any external service. The plugin’s only outbound requests are the functional, cached lookups described under “External services” below (abandoned-plugin dates from api.wordpress.org, your own site’s TLS certificate, and Freemius for licensing/updates). None of them carry your server metrics or any personal data.

Pro

Stay ahead of problems instead of watching a dashboard:

  • Plugin Performance — rank your active plugins by how long they take to load (and how much memory they use) on every request, so you can spot the heavyweights. Measured by a tiny, optional must-use profiler file that you install with one click (and can remove just as easily) — see the FAQ for exactly what it adds.
  • Domain expiry — domain registration expiry date and registrar via RDAP, with an alert before it lapses.
  • Smart alerts — get notified the moment CPU, memory, disk, SSL or domain expiry crosses a threshold, via email, Telegram, Slack or Discord.
  • History & trends — 24h / 7d / 30d graphs of your key metrics.
  • One-click fixes — apply and undo safe hardening (disable XML-RPC, disable the file editor) straight from the diagnosis, fully reversible.

Agency

  • Multi-site hub — watch every site you manage from one dashboard (up to 20 sites).
  • Centralized alerts across all your sites and domains.
  • PDF client reports (coming soon).

The free version is fully functional on its own — Pro and Agency are additions, not unlocks of crippled features.

External services

To provide some of its features, this plugin relies on the following third-party/external services. Each lookup is cached to keep outbound requests to a minimum, and none of them receive your server metrics or personal data.

WordPress.org Plugins API — api.wordpress.org

What it is and what it’s used for: the official WordPress.org Plugins API. The Health Diagnosis “abandoned plugin” check uses it to read each active plugin’s last-release date — the same endpoint WordPress core already contacts for update checks.

What is sent and when: the slugs of your active plugins, periodically when the diagnosis runs (cached for up to a week). No personal data is sent.

  • Terms of use / privacy: https://wordpress.org/about/privacy/

Freemius — api.freemius.com

What it is and what it’s used for: Freemius handles licensing, secure checkout and automatic updates for the optional Pro/Agency add-ons, and — only if you explicitly opt in — anonymous usage diagnostics that help us improve the plugin.

What is sent and when: on activation the plugin shows an opt-in screen (you can skip it); license/update checks are made when relevant. No diagnostic data is sent unless you agree, and your server metrics are never part of it.

  • Terms of Service: https://freemius.com/terms/
  • Privacy Policy: https://freemius.com/privacy/

Screenshots

Installation

  1. In wp-admin go to Plugins Add New, search for “BloomWatcher”, and click Install Now (or upload the bloomwatcher folder to /wp-content/plugins/).
  2. Activate the plugin.
  3. Open Server Monitor in the admin menu — the dashboard starts streaming immediately.

Server-level metrics (CPU, RAM, uptime) require access to /proc and are intended for VPS / dedicated hosts. On restricted shared hosting those cards show “N/A”; everything else still works.

FAQ

Does this work on shared hosting?

Partially. Shared hosts usually block /proc and shell functions, so CPU/RAM/uptime may show “N/A”. PHP, database, SSL, domain, DNS and WordPress cards still work everywhere.

Does it send my data anywhere?

Your server and WordPress metrics never leave your site — they’re read on your server and shown only in your wp-admin. The plugin makes a few functional lookups (api.wordpress.org for abandoned-plugin dates, your own site’s TLS cert) and uses Freemius for licensing/updates and optional opt-in diagnostics. See the “External services” section above for the full list, including links to each service’s terms and privacy policy.

Do I need to set up a cron job?

No. History and alerts sample on wp-cron by default, which needs zero setup. Power users can optionally drive sampling from a real system cron for tighter timing.

Will email alerts work on my server?

Email alerts use WordPress’s mail system, so they work wherever your site can already send email. If your server can’t send mail, use the Telegram, Slack or Discord channels — those send over outbound HTTPS and don’t need a mail server.

How does monitoring multiple sites work?

Each site exposes its metrics behind a per-site connection key sent in a custom header, so no server configuration is needed. A hub then reads its sibling sites and shows them together. (Multi-site monitoring is an Agency feature.)

Is it really free?

Yes — the complete monitoring dashboard and health diagnosis are free for a single site, forever. Pro and Agency add automation (plugin performance, alerts, history, one-click fixes) and multi-site management.

What is the Plugin Performance profiler file, and is it added automatically?

No — nothing is added automatically. Plugin Performance (a Pro feature) works by placing one small, fixed PHP file at wp-content/mu-plugins/wlsm-profiler.php. That file is a bundled, human-readable file shipped inside the plugin — it is never generated on the fly. It is added only when you click “Enable Plugin Performance” on the dashboard, after a clear notice telling you exactly what it does and where it goes. All it does is time how long each plugin takes to load and write a small summary; it changes nothing else on your site. You can remove it from the same panel at any time, and it is removed automatically when you deactivate the plugin.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“BloomWatcher – Live Server & Site Health Dashboard” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

0.5.6

  • Compliance: Plugin Performance is now a Pro feature, and its optional must-use profiler file (wp-content/mu-plugins/wlsm-profiler.php) is never installed automatically. It is a fixed, bundled file — never generated on the fly — that is added only after you explicitly opt in from the dashboard (with a clear notice about what it adds and where), and it can be removed again from the same panel. The free build ships none of this code and writes nothing to wp-content/mu-plugins.

0.5.5

  • Compliance: the free build no longer ships any one-click-fix code. The Apply/Undo control — its REST route, the diagnosis action and all front-end handling — now lives entirely in the Pro add-on; the free diagnosis links to the official WordPress hardening guide instead. No built-in feature is gated by a license check.

0.5.4

  • Compliance: the one-click hardening fix and the Plugin Performance profiler are no longer locked behind upgrade prompts — one-click fixes moved entirely into the Pro add-on (the free diagnosis links to manual instructions), and Plugin Performance is now fully free.
  • Compliance: the domain-registration (RDAP) lookup moved into the Pro add-on, so the free build makes no outbound RDAP call. The free build’s only external services are now api.wordpress.org (abandoned-plugin dates) and Freemius (licensing/updates), both documented under “External services” with terms and privacy links.
  • Maintenance: removed dead code and added a full uninstall cleanup (options, transients and the time-series table).

0.5.3

  • Renamed the plugin to “BloomWatcher”. No functional changes — internal identifiers and your settings are untouched.

0.5.2

  • Packaging: the Freemius SDK is now managed with Composer under vendor/, per WordPress.org guidance for bundling third-party libraries. No functional changes.

0.5.1

  • Renamed the plugin to “Live Server Monitor”. No functional changes — internal identifiers and your settings are untouched.

0.5.0

  • New: Domain registration expiry (RDAP) and a DNS “points here?” check.
  • New: Autoload options analysis — surface the autoloaded data weighing down every request.
  • New (Pro): Smart alerts engine — CPU, RAM, disk, SSL and domain-expiry thresholds delivered to email, Telegram, Slack or Discord, with start/clear notifications.
  • New (Pro): History & trends — 24h / 7d / 30d graphs backed by a lightweight time-series sampler that runs on wp-cron (no setup).
  • New (Agency): Multi-site hub — monitor up to 20 connected sites from one dashboard, with centralized alerts across all sites and domains.
  • New: translations for German, French, Japanese, Spanish, Brazilian Portuguese, Italian, Dutch, Russian and Korean.
  • Hardening: security review pass (SSRF-guarded site connections, HTTPS-only hub, throttled sampling endpoint, license-gating integrity).

0.4.0

  • New: Plugin Performance panel — ranks active plugins by how long they take to load (and how much memory they allocate) on each request, so you can spot the heavyweights at a glance.
  • Measured by a tiny must-use drop-in (wlsm-profiler.php) installed automatically on activation and removed on deactivation; it hooks WordPress’s per-plugin plugin_loaded event, samples with near-zero overhead and writes a throttled, smoothed summary. Shows “load time” honestly — boot cost per request, not full runtime.
  • New: GET /wlsm/v1/performance endpoint (admin-only) backing the panel.

0.3.0

  • New: actionable Health Diagnosis. Each finding now offers the right next step — a one-click “Apply” for fixes the plugin can safely enforce itself (disable XML-RPC, disable the file editor, both reversible), a deep link to the correct admin screen for things it can’t do for you (updates, install 2FA, object cache), or a plain explanation when only a server change will do.
  • New: POST /wlsm/v1/fix endpoint (admin-only) backing the one-click fixes, stored as a reversible option.

0.2.0

  • New: Health Diagnosis panel — a scored (0–100) security / performance / maintenance check-up with warnings, recommendations and fix hints, served from a separate cached /wlsm/v1/health endpoint with a manual re-scan.
  • Performance: CPU usage is now sampled across polls instead of blocking the request with a 200ms sleep.
  • Performance: the SSL certificate probe is cached (12h) instead of running a TLS handshake on every poll.

0.1.0

  • Initial MVP: live single-server dashboard with CPU, memory, disk, system, PHP, database, web server, SSL and WordPress cards.