SiteBrief

描述

SiteBrief is a site health reporting plugin that lets WordPress site owners create clean reports and share them securely with developers, freelancers, or agencies without handing over admin credentials.

WordPress collects detailed environment info through Site Health, but that page requires admin access and exposes sensitive data like database credentials and file paths. SiteBrief fixes this with a whitelist filter that only includes safe, approved fields. Everything else is excluded automatically.

🔧 How It Works

1. Go to Tools > SiteBrief in your WordPress admin dashboard
2. Toggle on the sections you want to include (all 15 are on by default)
3. Optionally set a password and choose how long the link stays active (1 hour to 30 days)
4. Click Generate Link. The URL is copied to your clipboard automatically
5. Send the link to your developer, agency, or support team
6. They open it in any browser, no login needed, and see a clean report with only the info you chose to share

Prefer not to share a link? Click Export TXT or Export JSON to download the report as a file instead. Attach it to a support ticket, email, or Slack message.

Want to hide your site identity? Enable Brand Masking before generating. It replaces your real site name and domain with aliases you pick, so the recipient sees the technical details without knowing which site it is.

✨ Features

• Shareable links: Each report gets a unique URL. Set expiry from 1 hour to 30 days. Expired links show a clean message, no leaked data.
• Password protection: Add a password to any link. Rate limited to 5 attempts per IP per hour.
• Brand masking: Replace your site name and domain with aliases throughout the entire report. The plugin auto detects and replaces all occurrences across every field value.
• Section controls: 15 sections, all on by default. Toggle off what you do not need.
• Text export: Download a plain .txt file with aligned labels and values. Zero dependencies, works everywhere, easy to paste into tickets or emails.
• JSON export: Download the full report as structured JSON for automated processing, importing into other tools, or archiving.
• Share management: See all shares in a table with status, views, expiry, and one click revoke. New rows blink and scroll into view automatically.
• Auto cleanup: Weekly cron removes expired records. No maintenance needed.

📋 Report Sections

• WordPress Environment: Version, locale, timezone, permalink structure, HTTPS status, multisite, environment type, user count
• Site Overview: WP Cron status, scheduled events count, object cache type, persistent cache, REST API status, XML RPC status, published content counts, and custom post types
• Server Configuration: PHP version, SAPI, memory limits, upload limits, execution time, cURL, imagick, pretty permalinks
• Database Info: Extension type, server version, client version, max allowed packet, max connections
• Plugins: Active, inactive, and must use plugins combined in one section with parsed version numbers, author info, update available badges, and auto update status
• Themes: Active theme details, parent theme info, and inactive themes combined with the same parsed display
• Directory Sizes: WordPress core, uploads, themes, plugins, database, and total with descriptive path labels
• Filesystem Permissions: Writable status per directory with all paths stripped
• Constants: WP_DEBUG, WP_CACHE, memory limits, cron settings, auto update settings, and more
• Media Handling: Image editor, supported formats, GD and Imagick versions, upload limits
• Drop ins: List of active drop in files like object-cache.php and db.php

🚫 What Is Always Excluded

Database username, password, host, and name. Table prefix. ABSPATH and all file paths. IP addresses. Admin email. Auth keys and salts. If a field is not on the whitelist, it cannot appear in any report.

⚙️ Security Engine

• Whitelist filtering: Only approved fields are included. Database credentials, file paths, API keys, and IPs are never in the output.
• Token security: Each link uses a 64 character random token with SHA-256 hashed storage. The full token is never stored in the database.
• Password protection: Add a password to any link. Passwords are hashed with bcrypt via wp_hash_password().
• Rate limiting: Failed password attempts are capped at 5 per IP per hour via transients.
• Path stripping: Multilayered. Known constants replaced with [path], plus regex for Unix style absolute paths.
• Immutable snapshots: Report data is captured and frozen at generation time. Changes to your site after generation do not affect the report.

⚡ Performance

• Zero frontend impact: Nothing loads on normal pages. Admin assets load only on the SiteBrief page. Public code only runs when someone visits a share link.
• Object caching: Share lookups use wp_cache_get/set with the sitebrief group. Cache is invalidated on create, delete, and cleanup.
• Directory size caching: Calculated sizes are stored in a transient for one hour to avoid repeated filesystem scans.
• Auto cleanup: Weekly cron removes expired records. No maintenance needed.

🎨 Display

• Standalone report page: Public reports render as a standalone HTML document outside the active theme. Clean, professional, mobile responsive.
• WordPress dashicons: Section headers use native WordPress dashicons for familiar visual cues.
• Collapsible sections: All sections expand and collapse with smooth animations.
• Status badges: Values like Yes/No, Enabled/Disabled, and environment types automatically get color coded pill badges.
• Smart plugin/theme display: Combined sections with parsed version numbers, author info, and update available badges.
• Copy to clipboard: One click copies the entire report as plain text.
• Print styles: Clean print output with no action buttons or navigation.

🔌 Developer Friendly

• No build step: Vanilla JS and CSS. No npm, no webpack, no bundler.
• Filter hooks: meshpros_report_brand lets themes customize the report branding.
• GDPR compliant: Privacy exporter and eraser hooks registered for personal data requests.

🛡️ Secure and Private

Nonce verification, capability checks, and input sanitization on every request. No external API calls, no tracking, no third party dependencies. Everything runs entirely on your server.

🏢 Custom Development

Need a custom report section, a white label version, or integration with your support workflow? We build tailored solutions for agencies and hosting companies. Contact [email protected] for a quote.