SiteBrief is a site health reporting plugin that lets WordPress site owners create clean reports and share them securely with developers, freelancers, or agencies without handing over admin credentials.

WordPress collects detailed environment info through Site Health, but that page requires admin access and exposes sensitive data like database credentials and file paths. SiteBrief fixes this with a whitelist filter that only includes safe, approved fields. Everything else is excluded automatically.

🔧 How It Works

Go to Tools > SiteBrief in your WordPress admin dashboard
Toggle on the sections you want to include (all 15 are on by default)
Optionally set a password and choose how long the link stays active (1 hour to 30 days)
Click Generate Link. The URL is copied to your clipboard automatically
Send the link to your developer, agency, or support team
They open it in any browser, no login needed, and see a clean report with only the info you chose to share

Prefer not to share a link? Click Export TXT or Export JSON to download the report as a file instead. Attach it to a support ticket, email, or Slack message.

Want to hide your site identity? Enable Brand Masking before generating. It replaces your real site name and domain with aliases you pick, so the recipient sees the technical details without knowing which site it is.

✨ Features

Shareable links: Each report gets a unique URL. Set expiry from 1 hour to 30 days. Expired links show a clean message, no leaked data.
Password protection: Add a password to any link. Rate limited to 5 attempts per IP per hour.
Brand masking: Replace your site name and domain with aliases throughout the entire report. The plugin auto detects and replaces all occurrences across every field value.
Section controls: 15 sections, all on by default. Toggle off what you do not need.
Text export: Download a plain .txt file with aligned labels and values. Zero dependencies, works everywhere, easy to paste into tickets or emails.
JSON export: Download the full report as structured JSON for automated processing, importing into other tools, or archiving.
Share management: See all shares in a table with status, views, expiry, and one click revoke. New rows blink and scroll into view automatically.
Auto cleanup: Weekly cron removes expired records. No maintenance needed.

📋 Report Sections

WordPress Environment: Version, locale, timezone, permalink structure, HTTPS status, multisite, environment type, user count
Site Overview: WP Cron status, scheduled events count, object cache type, persistent cache, REST API status, XML RPC status, published content counts, and custom post types
Server Configuration: PHP version, SAPI, memory limits, upload limits, execution time, cURL, imagick, pretty permalinks
Database Info: Extension type, server version, client version, max allowed packet, max connections
Plugins: Active, inactive, and must use plugins combined in one section with parsed version numbers, author info, update available badges, and auto update status
Themes: Active theme details, parent theme info, and inactive themes combined with the same parsed display
Directory Sizes: WordPress core, uploads, themes, plugins, database, and total with descriptive path labels
Filesystem Permissions: Writable status per directory with all paths stripped
Constants: WP_DEBUG, WP_CACHE, memory limits, cron settings, auto update settings, and more
Media Handling: Image editor, supported formats, GD and Imagick versions, upload limits
Drop ins: List of active drop in files like object-cache.php and db.php

🚫 What Is Always Excluded

Database username, password, host, and name. Table prefix. ABSPATH and all file paths. IP addresses. Admin email. Auth keys and salts. If a field is not on the whitelist, it cannot appear in any report.

⚙️ Security Engine

Whitelist filtering: Only approved fields are included. Database credentials, file paths, API keys, and IPs are never in the output.
Token security: Each link uses a 64 character random token with SHA-256 hashed storage. The full token is never stored in the database.
Password protection: Add a password to any link. Passwords are hashed with bcrypt via wp_hash_password().
Rate limiting: Failed password attempts are capped at 5 per IP per hour via transients.
Path stripping: Multilayered. Known constants replaced with [path], plus regex for Unix style absolute paths.
Immutable snapshots: Report data is captured and frozen at generation time. Changes to your site after generation do not affect the report.

⚡ Performance

Zero frontend impact: Nothing loads on normal pages. Admin assets load only on the SiteBrief page. Public code only runs when someone visits a share link.
Object caching: Share lookups use wp_cache_get/set with the sitebrief group. Cache is invalidated on create, delete, and cleanup.
Directory size caching: Calculated sizes are stored in a transient for one hour to avoid repeated filesystem scans.
Auto cleanup: Weekly cron removes expired records. No maintenance needed.

🎨 Display

Standalone report page: Public reports render as a standalone HTML document outside the active theme. Clean, professional, mobile responsive.
WordPress dashicons: Section headers use native WordPress dashicons for familiar visual cues.
Collapsible sections: All sections expand and collapse with smooth animations.
Status badges: Values like Yes/No, Enabled/Disabled, and environment types automatically get color coded pill badges.
Smart plugin/theme display: Combined sections with parsed version numbers, author info, and update available badges.
Copy to clipboard: One click copies the entire report as plain text.
Print styles: Clean print output with no action buttons or navigation.

🔌 Developer Friendly

No build step: Vanilla JS and CSS. No npm, no webpack, no bundler.
Filter hooks: meshpros_report_brand lets themes customize the report branding.
GDPR compliant: Privacy exporter and eraser hooks registered for personal data requests.

🛡️ Secure and Private

Nonce verification, capability checks, and input sanitization on every request. No external API calls, no tracking, no third party dependencies. Everything runs entirely on your server.

🏢 Custom Development

Need a custom report section, a white label version, or integration with your support workflow? We build tailored solutions for agencies and hosting companies. Contact [email protected] for a quote.