WP-Safety

Health Monitor Security & Risk Analysis

wordpress.org/plugins/health-monitor

Health Monitor is designed to help you keep your website running smoothly. It continuously checks your site’s performance, security, and overall healt …

20 active installs v1.4.3 PHP 8.0+ WP 5.2+ Updated Jun 25, 2025
error-trackingoptimizationsite-healthsystem-diagnosticsuptime-monitoring
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Health Monitor Safe to Use in 2026?

Generally Safe

Score 100/100

Health Monitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The health-monitor plugin v1.4.3 exhibits a mixed security posture. On the positive side, there are no known critical vulnerabilities (CVEs) or taint analysis issues, and the plugin generally follows good practices regarding SQL prepared statements and output escaping. The lack of bundled libraries and external HTTP requests is also a positive indicator. However, a significant concern arises from the substantial attack surface, with 8 out of 12 AJAX handlers lacking authentication checks. This could potentially expose sensitive functionality to unauthorized users, depending on the actions performed by these handlers. The presence of nonce checks and capability checks on some AJAX handlers is a good start, but the majority remain unprotected.

While the vulnerability history is clean, which is a strong positive, it does not negate the immediate risks identified in the static analysis. The plugin's overall security is hindered by the unprotected entry points. Future analysis should focus on understanding the exact functionality of these unprotected AJAX handlers and ensuring appropriate access controls are implemented. Without this, the risk, while not exploited in the past, remains present.

Key Concerns

  • Unprotected AJAX handlers
  • Majority of AJAX handlers lack auth checks
  • SQL queries with prepared statements at 72%
  • Output escaping at 91%
Vulnerabilities
None known

Health Monitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Health Monitor Release Timeline

v1.4.3Current
v1.4.2
v1.4.1
v1.4.0
v1.3.1
v1.3.0
v1.2.0
Code Analysis
Analyzed Mar 16, 2026

Health Monitor Code Analysis

Dangerous Functions
0
Raw SQL Queries
8
21 prepared
Unescaped Output
15
152 escaped
Nonce Checks
3
Capability Checks
7
File Operations
1
External Requests
20
Bundled Libraries
0

SQL Query Safety

72% prepared29 total queries

Output Escaping

91% escaped167 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<class-data-functions> (includes\class-data-functions.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Health Monitor Attack Surface

Entry Points12
Unprotected8

AJAX Handlers 12

authwp_ajax_get_lighthouse_scores_ajaxincludes\class-api-lighthouse.php:58
noprivwp_ajax_get_lighthouse_scores_ajaxincludes\class-api-lighthouse.php:59
authwp_ajax_health_monitor_run_site_scanincludes\class-data-functions.php:25
noprivwp_ajax_health_monitor_run_site_scanincludes\class-data-functions.php:26
authwp_ajax_load_wordpress_environmentincludes\class-reports-view-ajax.php:9
authwp_ajax_load_server_environmentincludes\class-reports-view-ajax.php:10
authwp_ajax_load_database_infoincludes\class-reports-view-ajax.php:11
authwp_ajax_load_post_type_countsincludes\class-reports-view-ajax.php:12
authwp_ajax_load_security_infoincludes\class-reports-view-ajax.php:13
authwp_ajax_load_theme_infoincludes\class-reports-view-ajax.php:14
authwp_ajax_load_active_pluginsincludes\class-reports-view-ajax.php:15
authwp_ajax_load_logged_errorsincludes\class-reports-view-ajax.php:16
WordPress Hooks 12
actionadmin_menuadmin\class-admin-menu.php:20
actionadmin_initadmin\class-admin-settings.php:13
actionwp_loadedincludes\class-cron-jobs.php:20
actionwp_loadedincludes\class-cron-jobs.php:21
actionwp_loadedincludes\class-cron-jobs.php:22
actionhealth_monitor_daily_lighthouse_scoresincludes\class-cron-jobs.php:29
actionhealth_monitor_hourly_check_email_notificationincludes\class-cron-jobs.php:30
actionhealth_monitor_cleanup_old_recordsincludes\class-cron-jobs.php:31
actionadmin_initincludes\class-health-monitor.php:76
actionadmin_menuincludes\class-health-monitor.php:79
actionadmin_enqueue_scriptsincludes\class-health-monitor.php:82
actionadmin_enqueue_scriptsincludes\class-health-monitor.php:83

Scheduled Events 3

health_monitor_daily_lighthouse_scores
health_monitor_hourly_check_email_notification
health_monitor_cleanup_old_records
Maintenance & Trust

Health Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 25, 2025
PHP min version8.0
Downloads872

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Health Monitor Alternatives

Performance Lab

Performance Lab

performance-lab

A
100

Performance plugin from the WordPress Performance Team, which is a collection of standalone performance features.

200K 1 CVE
DiveWP – Boost Site Performance with Clear, Actionable Steps

DiveWP – Boost Site Performance with Clear, Actionable Steps

divewp-boost-site-performance

A
100

Learn WP Best Practices Through Your Own Site! Get clear insights about Performance, Security, and Best Practices – explained in plain English.

200 No CVEs
BoltAudit – Plugin & Performance Analyzer

BoltAudit – Plugin & Performance Analyzer

boltaudit

A
100

BoltAudit helps you identify bloated, unused, abandoned, and performance-heavy plugins—plus database bloat, autoloaded options, and runtime impact.

100 No CVEs
Watchman Tower

Watchman Tower

watchman-tower

A
100

Centralized WordPress monitoring for agencies. Track uptime, performance, SSL, and site health across multiple client sites.

10 No CVEs
HealthSweep Site Monitor – Advanced Site Health & Performance Tools

HealthSweep Site Monitor – Advanced Site Health & Performance Tools

healthsweep-site-monitor

A
100

Advanced WordPress Site Health, performance, security, cleanup, snapshots, alerts, and local speed benchmarking for admins.

0 No CVEs
Developer Profile

Health Monitor Developer Profile

twohourssleep

1 plugin · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Health Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/health-monitor/assets/css/admin-style.css/wp-content/plugins/health-monitor/assets/css/reports.css/wp-content/plugins/health-monitor/assets/js/admin-scripts.js/wp-content/plugins/health-monitor/assets/js/charts.js/wp-content/plugins/health-monitor/assets/js/health-monitor-lighthouse-report.js/wp-content/plugins/health-monitor/assets/images/health-monitor.svg
Script Paths
/wp-content/plugins/health-monitor/assets/js/admin-scripts.js/wp-content/plugins/health-monitor/assets/js/charts.js/wp-content/plugins/health-monitor/assets/js/health-monitor-lighthouse-report.js
Version Parameters
health-monitor/assets/css/admin-style.css?ver=health-monitor/assets/css/reports.css?ver=health-monitor/assets/js/admin-scripts.js?ver=health-monitor/assets/js/charts.js?ver=health-monitor/assets/js/health-monitor-lighthouse-report.js?ver=

HTML / DOM Fingerprints

CSS Classes
health-monitor-headerhealth-monitor-title-wprhealth-monitor-titlehealth-monitor-iconhealth-monitor-authorhealth-monitor-ctacta-wprcta-text+2 more
Data Attributes
id="health-monitor"
JS Globals
health_monitor_lighthouse_args
FAQ

Frequently Asked Questions about Health Monitor