We maintain and improve this plugin with security in mind. A simple example is that the data is sent to the monitor site rather than fetched from any site, so the monitor site does not need access to any production site to collect metrics. However, we do recommend you follow the security best practices below to further improve your website's security.

Security best practices

Make sure the monitor site is private

The collected metrics are not directly sensitive. Indirectly, however, metrics such as the current versions of installed plugins can give hackers a clue where to look for weaknesses. For this reason, we recommend you make sure the monitor site can only be viewed by you and your team, for example via a VPN connection or an IP whitelist.
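
One way to implement the IP whitelist at the web server, as an added example that is not part of the plugin's own documentation. Because the watched sites send their data to the monitor site, their addresses have to stay allowed for the REST API even though they should not see anything else. The sketch assumes nginx, that the plugin's endpoints sit under WordPress's default `/wp-json/` REST prefix, and uses placeholder addresses from the documentation ranges.

```nginx
# --- http context ---

# People allowed to view the monitor site (placeholder: team VPN egress range).
geo $monitor_team {
    default          0;
    198.51.100.0/24  1;
}

# Watched sites allowed to send metrics (placeholders: one entry per site).
geo $monitor_sender {
    default        0;
    203.0.113.10   1;
    203.0.113.11   1;
}

# Decide per request, using the original request URI so the result does not
# change when WordPress rewrites the request to index.php internally.
map "$monitor_team:$monitor_sender:$request_uri" $monitor_deny {
    default           1;   # everyone else: denied
    ~^1:              0;   # team: whole site, including wp-admin
    ~^0:1:/wp-json/   0;   # watched sites: REST API only (assumed prefix)
}

# --- inside the monitor site's existing server block ---
server {
    # ... existing listen, server_name, root and PHP handling ...

    # Reject before any WordPress code runs.
    if ($monitor_deny) {
        return 403;
    }
}
```

`geo` matches on `$remote_addr` by default, so if the monitor site sits behind a proxy or CDN the real client address has to be restored first (for example with the `realip` module), otherwise every request appears to come from the proxy.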

Make sure the monitor site is a single purpose site

This plugin uses the WordPress application password feature to allow the sites you want to watch to access private endpoints on the monitor site. We recommend you only use a monitor site for this single purpose. Do not use it as a real website and do not mix it with any other sensitive information. That said, we use AES-256 encryption on the password to make it virtually uncrackable by brute force even if it were to be leaked.