[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f10srwPbBDCbSDiw1wQHabNdbv6CpDrkEhY6E_Gr3gYQ":3},{"slug":4,"display_name":4,"profile_url":5,"plugin_count":6,"total_installs":7,"avg_security_score":8,"avg_patch_time_days":9,"trust_score":10,"computed_at":11,"plugins":12},"squishit","https:\u002F\u002Fprofiles.wordpress.org\u002Fsquishit\u002F",1,0,100,30,94,"2026-05-19T20:01:03.386Z",[13],{"slug":14,"name":15,"version":16,"author":4,"author_profile":5,"description":17,"short_description":18,"active_installs":7,"downloaded":19,"rating":7,"num_ratings":7,"last_updated":20,"tested_up_to":21,"requires_at_least":22,"requires_php":23,"tags":24,"homepage":30,"download_link":31,"security_score":8,"vuln_count":7,"unpatched_count":7,"last_vuln_date":32,"fetched_at":33},"squish-site-patrol","Squish Site Patrol","1.5.0","\u003Cp>Squish Site Patrol gives your WordPress site a complete health check — security hardening, malware scanning, login protection, and page speed in a single clean dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong>\u003Cbr \u002F>\n* TOTP-based 2FA with QR code setup (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Custom branded interstitial login page — replaces the default wp-login.php flow\u003Cbr \u002F>\n* Per-user 2FA enrollment with recovery options\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Protection\u003C\u002Fstrong>\u003Cbr \u002F>\n* reCAPTCHA v3 on the login page (free tier, no checkbox required)\u003Cbr \u002F>\n* Geo IP country blocking — restrict logins by country via ipapi.co\u003Cbr \u002F>\n* Magic link login — send a one-time signed login link to your admin email (Patched)\u003Cbr \u002F>\n* Failed login attempt monitoring and alerts (Patched)\u003Cbr \u002F>\n* Detects predictable “admin” username\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Checks\u003C\u002Fstrong>\u003Cbr \u002F>\n* WordPress core version check\u003Cbr \u002F>\n* Plugin update status — flags outdated plugins\u003Cbr \u002F>\n* SSL \u002F HTTPS detection\u003Cbr \u002F>\n* File editor status check (wp-admin editor)\u003Cbr \u002F>\n* wp-config.php permissions check (Patched)\u003Cbr \u002F>\n* XML-RPC status check (Patched)\u003Cbr \u002F>\n* Debug mode detection (Patched)\u003Cbr \u002F>\n* Admin account audit — flags inactive admin accounts (Patched)\u003Cbr \u002F>\n* Database prefix check — flags default wp_ prefix (Patched)\u003Cbr \u002F>\n* Directory listing detection (Patched)\u003Cbr \u002F>\n* HTTP security headers check (Patched)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malware Scanner\u003C\u002Fstrong>\u003Cbr \u002F>\n* Verifies all 3,000+ WordPress core files against official checksums\u003Cbr \u002F>\n* Detects PHP files hidden in your uploads folder\u003Cbr \u002F>\n* Scans for dangerous file types (.exe, .sh, .bat) in uploads\u003Cbr \u002F>\n* User enumeration vulnerability check\u003Cbr \u002F>\n* Flags any modified core files\u003Cbr \u002F>\n* Real-time file change monitoring with baseline comparison (Patched)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Email Breach Detection\u003C\u002Fstrong>\u003Cbr \u002F>\n* Checks admin email addresses against HaveIBeenPwned (Patched)\u003Cbr \u002F>\n* Alerts you if any admin account appears in a known breach\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Audit Log\u003C\u002Fstrong>\u003Cbr \u002F>\n* Tracks logins, failed login attempts, plugin installs, settings changes, and scans\u003Cbr \u002F>\n* 90-day retention with full event history\u003Cbr \u002F>\n* Filter by event type — login, scan, settings, plugin activity and more\u003Cbr \u002F>\n* Recent activity strip on the main dashboard\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Page Speed & Core Web Vitals\u003C\u002Fstrong>\u003Cbr \u002F>\n* Live Google PageSpeed Insights score\u003Cbr \u002F>\n* Core Web Vitals — LCP, FCP, and CLS\u003Cbr \u002F>\n* Mobile performance scoring\u003Cbr \u002F>\n* Scan any public URL\u003Cbr \u002F>\n* Inline metric explanations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Reporting\u003C\u002Fstrong>\u003Cbr \u002F>\n* Weekly HTML email reports with a full scan summary (Patched)\u003Cbr \u002F>\n* Scheduled automatic daily scans (Patched)\u003Cbr \u002F>\n* Email alerts when issues are detected (Patched)\u003Cbr \u002F>\n* SSL certificate expiry alerts (Patched)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dashboard & UX\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean two-panel layout — Security on the left, Scans & hardening on the right\u003Cbr \u002F>\n* Hardening tab consolidates all Patched checks in one place\u003Cbr \u002F>\n* Issues-only toggle on both panels — hide passing checks, focus on what needs fixing\u003Cbr \u002F>\n* Rescan button with toast notification (no page reload)\u003Cbr \u002F>\n* Dark mode toggle\u003Cbr \u002F>\n* Scan spinner and auto-scan status badge\u003Cbr \u002F>\n* Score cards hidden by default until first scan runs\u003Cbr \u002F>\n* Inline metric tooltips\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance\u003C\u002Fstrong>\u003Cbr \u002F>\n* Aggressive transient caching (12–24hr TTL) across all check classes\u003Cbr \u002F>\n* Zero front-end footprint — all scans run in wp-admin only\u003C\u002Fp>\n\u003Ch4>Squish Site Patrol Patched — $15\u002Fmo\u003C\u002Fh4>\n\u003Cp>Upgrade to Patched for automatic monitoring and advanced protection:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Scheduled automatic daily scans\u003C\u002Fli>\n\u003Cli>Weekly HTML email reports\u003C\u002Fli>\n\u003Cli>Email alerts when issues are found\u003C\u002Fli>\n\u003Cli>Magic link login — passwordless one-time login links\u003C\u002Fli>\n\u003Cli>Failed login attempt monitoring\u003C\u002Fli>\n\u003Cli>SSL certificate expiry alerts\u003C\u002Fli>\n\u003Cli>Real-time file change monitoring with baseline comparison\u003C\u002Fli>\n\u003Cli>Reset file monitoring baseline after legitimate updates\u003C\u002Fli>\n\u003Cli>wp-config.php permissions check\u003C\u002Fli>\n\u003Cli>XML-RPC status check\u003C\u002Fli>\n\u003Cli>Debug mode detection\u003C\u002Fli>\n\u003Cli>HTTP security headers check\u003C\u002Fli>\n\u003Cli>Admin account audit — flags inactive admin accounts\u003C\u002Fli>\n\u003Cli>Database prefix check — flags default wp_ prefix\u003C\u002Fli>\n\u003Cli>Directory listing detection\u003C\u002Fli>\n\u003Cli>Email breach check via HaveIBeenPwned\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Ch4>Google PageSpeed Insights API\u003C\u002Fh4>\n\u003Cp>Used to analyze page speed and Core Web Vitals for any URL entered by the user. Data sent: the URL being scanned. This call is only made when the user clicks “Run scan”.\u003Cbr \u002F>\n* Service: https:\u002F\u002Fdevelopers.google.com\u002Fspeed\u002Fdocs\u002Finsights\u002Fv5\u002Fabout\u003Cbr \u002F>\n* Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003Cbr \u002F>\n* Terms: https:\u002F\u002Fdevelopers.google.com\u002Fterms\u003C\u002Fp>\n\u003Ch4>WordPress.org Checksums API\u003C\u002Fh4>\n\u003Cp>Used to verify the integrity of WordPress core files by comparing them against official checksums. No user data is sent — only the WordPress version number and locale.\u003Cbr \u002F>\n* Service: https:\u002F\u002Fapi.wordpress.org\u002Fcore\u002Fchecksums\u002F1.0\u002F\u003Cbr \u002F>\n* Privacy: https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\u003C\u002Fp>\n\u003Ch4>ipapi.co\u003C\u002Fh4>\n\u003Cp>Used to determine the country of origin for login attempts when Geo IP country blocking is enabled. Data sent: the visitor’s IP address. This check only runs on the login page when the feature is active.\u003Cbr \u002F>\n* Service: https:\u002F\u002Fipapi.co\u003Cbr \u002F>\n* Privacy: https:\u002F\u002Fipapi.co\u002Fprivacy\u002F\u003C\u002Fp>\n\u003Ch4>HaveIBeenPwned API (Patched only)\u003C\u002Fh4>\n\u003Cp>Used to check if admin email addresses appear in known data breach databases. Requires a valid HIBP API key configured in settings.\u003Cbr \u002F>\n* Service: https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002Fv3\u003Cbr \u002F>\n* Privacy: https:\u002F\u002Fhaveibeenpwned.com\u002FPrivacy\u003Cbr \u002F>\n* Terms: https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002Fv3#license\u003C\u002Fp>\n\u003Ch4>Freemius\u003C\u002Fh4>\n\u003Cp>Used to manage the Patched premium subscription, licensing, and payments. Data sent upon upgrade: site URL, WordPress version, plugin version, and user email if the user opts in.\u003Cbr \u002F>\n* Service: https:\u002F\u002Ffreemius.com\u003Cbr \u002F>\n* Privacy: https:\u002F\u002Ffreemius.com\u002Fprivacy\u002F\u003Cbr \u002F>\n* Terms: https:\u002F\u002Ffreemius.com\u002Fterms\u002F\u003C\u002Fp>\n","Complete WordPress security, malware scanning, login protection, and performance monitoring in one clean dashboard.",193,"2026-04-12T19:12:00.000Z","6.9.4","6.0","8.0",[25,26,27,28,29],"login-protection","malware-scanner","security","two-factor-authentication","vulnerability-scanner","https:\u002F\u002Fsquish.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsquish-site-patrol.1.5.0.zip",null,"2026-04-16T10:56:18.058Z"]