Production-grade WordPress plugin for operational monitoring with automated health checks and configurable multi-channel alerting.
"I don't know what's happening until it breaks."
This plugin provides an operational dashboard in wp-admin with automated health checks and configurable alerting (email, webhook, Slack, Telegram, WhatsApp), so you know what's happening before it breaks.
- 5 Health Checks - Database, Error Logs, Redis, Disk Space, Versions (WP/PHP) | details
- 5 Alert Channels - Email, Webhook (HMAC), Slack (Block Kit), Telegram, WhatsApp | details
- Admin UI - Health Dashboard page, Alert Settings page, Dashboard widget | details
- WP-Cron Scheduling - Automated checks every 15 minutes with status-change alerting
- Anti-SSRF - DNS pinning, private IP blocking, scheme/port restriction on all outbound HTTP
Built with dependency injection, interface-first design, and strict TDD. No singleton, no static, no final.
See the Architecture wiki page for design patterns, directory structure, component graph, and core principles.
- PHP: 7.4+ (minimum), 8.3+ (recommended)
- WordPress: 5.8+
- MySQL: 5.7+ or MariaDB 10.2+
- Composer: For development dependencies
- Download the latest release from GitHub Releases or build the ZIP via
bin/build-zip.sh. - Upload the ZIP file via
Plugins -> Add New -> Upload Pluginin wp-admin. - Activate via WordPress admin.
- Navigate to
Ops -> Health Dashboard.
git clone https://github.com/mab056/ops-health-dashboard.git
cd ops-health-dashboard
composer install
composer test:unit # Fast, no WordPress neededFor the full development workflow (integration tests, E2E, test matrix, build), see the Development Workflow wiki page.
Three-layer test strategy: unit (Brain\Monkey), integration (WP Test Suite), E2E (Playwright + wp-env). TDD workflow: RED -> GREEN -> REFACTOR.
For commands, test matrix, TDD examples, and coverage details, see the Testing and Quality wiki page.
Defense-in-depth: capability checks, nonces, input sanitization, output escaping, data redaction (11 patterns), anti-SSRF with DNS pinning, per-channel injection protection, cooldown pre-dispatch, catch (\Throwable) isolation.
For the full security model, see the Security wiki page and SECURITY.md.
Current milestone: M6 - WordPress.org Readiness
- 31 source files in
src/, 2 CSS files inassets/css/ - 55 PHP test files (31 unit + 24 integration)
- 574 unit tests, 1336 assertions (Brain\Monkey)
- 322 integration tests, 655 assertions single-site / 684 multisite (WP Test Suite)
- 46 E2E scenarios x 3 viewports = 138 test executions (Playwright)
- Coverage: 100% classes, 100% methods, 100% lines (unit + integration + multisite combined)
- PHPCS: 100% compliance (0 errors, 0 warnings)
- PHPStan: level 6, 0 errors
- M0: Setup & Infrastructure (TDD, CI/CD, core classes)
- M1: Core Checks + Storage + Cron
- M2: Secure Error Log Summary
- M3: Redis Check
- M4: Alerting System (Email, Webhook, Slack, Telegram, WhatsApp + anti-SSRF)
- M5: New Checks + Dashboard Widget + E2E Testing (Playwright)
- M6: WordPress.org Readiness (uninstall.php, readme.txt, ABSPATH guards)
See the Roadmap wiki page for future milestones (M7-M9).
We welcome contributions! See CONTRIBUTING.md and the Development Workflow wiki page for TDD requirements, coding standards, and pull request process.
Do not open public issues for vulnerabilities.
- Preferred: GitHub Security Advisory
- Email:
info@mattiabondrano.dev
See SECURITY.md.
GPL-3.0-or-later - see LICENSE.
- Mattia Bondrano - GitHub
Developed with the support of Claude Code (Opus 4.5, 4.6, Sonnet 4.5) and Codex (Codex 5.2, 5.3).
- Wiki: Project Wiki
- Issues: GitHub Issues
- Contributing: CONTRIBUTING.md