🎉 Use coupon MYXERO to enjoy 20% recurring discount on any plan. View Pricing
XeroWP
Uptrue Monitor
Uptrue Monitor

Uptrue Monitor

0/5 (0 ratings) — active installs Updated May 8, 2026
file scanmalwaremonitoringsecurityuptime
Download v1.2.4 Plugin Website

Uptrue Monitor keeps an eye on your WordPress site from the inside, detecting threats and misconfigurations that external uptime monitors will never catch.

It works by running scheduled checks on your server and either sending findings to your Uptrue dashboard or emailing you a free monthly health report — no Uptrue account required to get started.

No inbound ports. No firewall changes. Works behind Cloudflare.

What it monitors

File Security
* PHP files injected into your /uploads/ directory
* JavaScript files injected into /uploads/
* Executable files (.sh, .exe, .py, .bat) in /uploads/
* WordPress core file modifications (wp-login.php, wp-settings.php, wp-admin/admin.php)
* Active theme file changes (functions.php)
* .htaccess and wp-config.php modification detection
* World-writable directory permissions

User & Access Security
* New administrator and editor accounts
* Login failure tracking (brute force detection)
* REST API user enumeration exposure
* Application passwords in use
* XML-RPC enabled status
* Two-factor authentication plugin detection

Content Integrity
* Foreign-language content injection — detects Chinese, Russian, Arabic, Hindi, Thai, Japanese, Korean, Hebrew, Bengali, and Georgian characters in page titles, slugs, and content (SEO spam detection)
* New pages and posts published since last check

Configuration & Health
* Plugin updates available
* Theme updates available
* WordPress core auto-update status
* Backup plugin presence
* Debug mode (WP_DEBUG) status
* Spam comment volume
* Database size
* Disk usage

Two ways to use it

Standalone (free, no account needed)
Install the plugin and get a free monthly health report delivered to your WordPress admin email. No signup required.

Connected to Uptrue (real-time alerts)
Add your Uptrue API token to get real-time alerts, a live security dashboard, AI-powered fix suggestions, and full historical reports. Create a free account at uptrue.io.

How it works

The plugin runs on a schedule using WordPress cron (every 60–240 minutes, configurable). On each run it collects site health data and either pushes it to Uptrue or stores it locally for the monthly report. There are no inbound connections — your server always initiates the outbound request.

Privacy

This plugin does not contact any external service until you explicitly opt in by saving an Uptrue API token in Uptrue Settings. With no token saved, the plugin runs only local checks on your server and (optionally) emails the monthly health report to your WordPress admin email. No data leaves your server in standalone mode. Saving a token is treated as your explicit consent for the plugin to begin transmitting site health data to Uptrue. Clearing the token field stops all transmission immediately. See the Third Party Services section below for the full list of fields sent.

Third Party Services

This plugin transmits data to Uptrue (https://uptrue.io), a website monitoring service operated by Vision Software Solutions Limited, Brentford, United Kingdom.

When data is transmitted:

  1. When you save an API token — a one-time connectivity self-test is performed to verify the connection. This only runs after you have entered a token and clicked Save.
  2. On each scheduled cron run (every 60–240 minutes) — site health data is pushed to Uptrue.

No data is transmitted if no API token is saved. The plugin makes no outbound connections on activation or deactivation.

Data transmitted includes:

  • WordPress version and PHP version
  • List of active and inactive plugins with version numbers and available update status
  • Active theme name, version, and available update status
  • Admin and editor user accounts: login name, email address, roles, and registration date
  • Recently published pages and posts: title, slug, status, and author ID
  • Results of file scans: PHP, JavaScript, and executable files found in /uploads/; .htaccess and wp-config.php modification flags; core file modification flags; theme file modification flags; world-writable directory paths
  • Security configuration: XML-RPC status, REST API user enumeration exposure, application passwords in use, auto-update settings, two-factor authentication plugin presence, backup plugin presence, daily login failure count, spam comment count, disk usage percentage and free space
  • Foreign-language content detection: post IDs, titles, slugs, detected language, and URLs of any pages with non-Latin content
  • Site URL, database size, and basic site statistics (total pages, posts, users by role)

Uptrue Terms of Service: https://uptrue.io/terms
Uptrue Privacy Policy: https://uptrue.io/privacy