[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7_GXJ4cyBTMPrmF4mHEc37iCJdXDssOYqHP-aOQIyt0":3},{"slug":4,"display_name":4,"profile_url":5,"plugin_count":6,"total_installs":7,"avg_security_score":8,"avg_patch_time_days":9,"trust_score":10,"computed_at":11,"plugins":12},"aaronhsieh","https:\u002F\u002Fprofiles.wordpress.org\u002Faaronhsieh\u002F",1,20,100,30,94,"2026-07-15T05:47:41.910Z",[13],{"slug":14,"name":15,"version":16,"author":4,"author_profile":5,"description":17,"short_description":18,"active_installs":7,"downloaded":19,"rating":20,"num_ratings":20,"last_updated":21,"tested_up_to":22,"requires_at_least":23,"requires_php":24,"tags":25,"homepage":30,"download_link":31,"security_score":8,"vuln_count":20,"unpatched_count":20,"last_vuln_date":32,"fetched_at":33},"site-add-on-watchdog","Site Add-on Watchdog","1.7.5.1","\u003Cp>Site Add-on Watchdog keeps an eye on your site’s plugins and warns you when:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Your installed version is two or more minor releases behind the directory build.\u003C\u002Fli>\n\u003Cli>The official changelog mentions security or vulnerability fixes.\u003C\u002Fli>\n\u003Cli>(Optional) WPScan lists open CVEs for the plugin when you provide your own API key.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin runs on a schedule you control—choose daily, weekly, a twenty-minute testing cadence, or rely on manual scans—and stores results locally. Nothing leaves your site unless you explicitly configure outgoing notifications.\u003C\u002Fp>\n\u003Ch3>Privacy first\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No plugin inventory or telemetry is ever sent off-site by default.\u003C\u002Fli>\n\u003Cli>Optional webhooks are opt-in and only post the detected risks.\u003C\u002Fli>\n\u003Cli>WPScan lookups only run when you add your personal API token.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Admin tools\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Dashboard page with the current risk list and manual scan button.\u003C\u002Fli>\n\u003Cli>Ignore list to suppress noisy plugins.\u003C\u002Fli>\n\u003Cli>Notification settings for email, Discord, Slack, Microsoft Teams, or a generic webhook.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notifications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Email: send to one or more recipients (comma separated).\u003C\u002Fli>\n\u003Cli>Discord: post to a channel via webhook.\u003C\u002Fli>\n\u003Cli>Slack: connect via an incoming webhook to post alerts into any workspace channel.\u003C\u002Fli>\n\u003Cli>Microsoft Teams: send adaptive card style notices through an incoming webhook connector.\u003C\u002Fli>\n\u003Cli>Generic webhook: post JSON payload to any endpoint you control, with optional HMAC signatures. Failed deliveries are logged and highlighted on the Watchdog admin screen so you can reconfigure or resend manually.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Ch3>Scheduled scans are not running\u003C\u002Fh3>\n\u003Cp>Watchdog relies on WP-Cron to trigger scheduled scans and notifications. If you have set \u003Ccode>DISABLE_WP_CRON\u003C\u002Fcode> to \u003Ccode>true\u003C\u002Fcode> or your site receives very little traffic (so WP-Cron rarely runs), configure a system cron job to call either \u003Ccode>wp-cron.php\u003C\u002Fcode> or the plugin’s REST endpoint. The admin \u003Cstrong>Delivery health\u003C\u002Fstrong> panel lists the REST URL you can target; a typical example looks like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>curl -X POST https:\u002F\u002Fexample.com\u002Fwp-json\u002Fsite-add-on-watchdog\u002Fv1\u002Fcron\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Testing-mode notifications also rely on this trigger, so be sure your cron job is running when validating delivery.\u003C\u002Fp>\n\u003Ch3>CLI Usage\u003C\u002Fh3>\n\u003Cp>Watchdog bundles a WP-CLI command so you can run scans outside of the WordPress admin. All examples below assume the command is executed from a shell where \u003Ccode>wp\u003C\u002Fcode> (WP-CLI) is available.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>wp watchdog scan [--notify=\u003Cbool>]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\u003Ccode>--notify\u003C\u002Fcode> (optional): Accepts \u003Ccode>true\u003C\u002Fcode> or \u003Ccode>false\u003C\u002Fcode> (defaults to \u003Ccode>true\u003C\u002Fcode>). When set to \u003Ccode>false\u003C\u002Fcode>, Watchdog will skip any configured email or webhook notifications and only record the scan locally.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Run a scan and send notifications (default): \u003Ccode>wp watchdog scan\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Run a scan silently (skip notifications): \u003Ccode>wp watchdog scan --notify=false\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Recommended workflow: on CI\u002FCD platforms, add a job step that boots your WordPress\u002FWP-CLI container, runs pending database migrations if needed, and then calls \u003Ccode>wp watchdog scan --notify=false\u003C\u002Fcode> to verify the plugin state without spamming production channels. Promote to production by rerunning the same command with notifications enabled when you are ready to alert your team.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>The development repository is available on GitHub: https:\u002F\u002Fgithub.com\u002Fhappyloa\u002FSite-Add-on-Watchdog. Clone it locally to review the source or run the test suite.\u003C\u002Fp>\n","Monitor installed plugins for security notices, outdated releases, and WPScan disclosures without leaking your site's plugin inventory.",244,0,"2026-01-09T19:36:00.000Z","6.9.4","6.0","8.1",[26,27,28,29],"monitoring","notifications","plugins","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-add-on-watchdog.1.7.5.1.zip",null,"2026-04-16T10:56:18.058Z"]