This plugin adds auditing functionality to Wordpress. It does this by adding extra \nREST API endpoints. Using these endpoints it is possible to:\n- see the version of core\n- see whether there is an update available for core\n- see what plugins are installed\n- see whether these plugins have been actived\n- see whether these plugins have autoupdate enabled\n- see whether these plugins have updates\n- see a list of vulnerabilities for these plugins\n- see what themes are installed\n- check if 2FA is enabled\n- see MD5 hashes of all theme and plugin folders<\/p>\n\n
For installations where the RESTAPI is disabled, the plugin can also push this information to an endpoint.\nThis will work for installations that are behind a geoblock or have no RESTAPI. To disable this, remove the\ncronjob.<\/p>\n\n
For getting vulnerabilities of Wordpress components this plugin can use the WPVulnerability plugin \n(https:\/\/wordpress.org\/plugins\/wpvulnerability\/). If this plugin is installed, it will be used, otherwise this plugin\nwill work without the information from WPVulnerabilty plugin.
\nWithout installing this dependancy no data is transferred to WPVulnerability. Please see https:\/\/www.wpvulnerability.com\/privacy\/\nfor more information.<\/p>\n\n
In order to determine the latest version of installed software components this plugin uses the following\nexternal services:\nGitHub<\/em>\nTerms of Service: https:\/\/docs.github.com\/en\/site-policy\/github-terms\/github-terms-of-service\nPrivacy Statement: https:\/\/docs.github.com\/en\/site-policy\/privacy-policies\/github-general-privacy-statement\n- Releases list from ImageMagick github repository (https:\/\/api.github.com\/repos\/ImageMagick\/ImageMagick\/releases)\n- Releases list from curl github repository (https:\/\/api.github.com\/repos\/curl\/curl\/releases)\nSlider Revolution<\/em>\nTerms of Service: https:\/\/www.sliderrevolution.com\/terms\/\nPrivacy Statement: https:\/\/www.sliderrevolution.com\/terms\/privacy\/\n- Changelog documentation from Slider Revolution website (https:\/\/www.sliderrevolution.com\/documentation\/changelog\/)<\/p>\n\n Apart from the usual headers (ip-address, UserAgent) used in a GET request no other information is send to these services.\nSpecifically no version information is transmitted to external services.<\/p>\n\n If you fill out an external url in the callback URL field in the settings, a Wordpress cronjob will send a POST request \nwith the audit data to this URL daily.<\/p>\n\n\n Install the plugin via the Wordpress \"Plugins\" menu in Wordpress and then \nactivate using the blue \"Activate\" button.\nYou can add a new user with restrictive role to your Wordpress installation from within the plugin settings page\nby clicking on a button.<\/p>\n\n\n We use as little rights as possible to get the data from Wordpress.\n
Is it safe?<\/h3><\/dt>\n
\nThe API endpoint does not include any POST, PUT or DELETE methods, so it is read-only.\nIf you do see a problem with this plugin, please contact us:\nhttps:\/\/cloudaware.eu\/.well-known\/security.txt<\/p><\/dd>\n\n<\/dl>\n\n\nv1.0.12<\/h4>\n\n
\n
v1.0.11<\/h4>\n\n
\n
v1.0.10<\/h4>\n\n
\n
v1.0.9<\/h4>\n\n
\n
v1.0.8<\/h4>\n\n
\n
v1.0.7<\/h4>\n\n
\n
v1.0.6<\/h4>\n\n
\n
v1.0.5<\/h4>\n\n
\n
v1.0.4<\/h4>\n\n
\n
v1.0.0<\/h4>\n\n
\n