WordPress

Audit Export is provided via a WordPress plugin that gives administrators and developers a clear, structured view into how their site is put together. It inspects plugins, themes, content types, taxonomies, menus, widgets, users, roles, and general site configuration, then turns all of that into exportable, script-friendly reports. Think of it as a regular health report for your WordPress installation, only with fewer lecture slides and more CSVs.

At the time of writing, the plugin is pending review for inclusion in the official WordPress.org plugin directory. Once it is approved, you will be able to install it like any other plugin. Until then, you can follow it on the Audit Export plugin page.

Who is Audit Export for?

Agencies managing lots of client sites
If you maintain a portfolio of WordPress installations, you need consistent answers to simple questions:

• What plugins are installed and which need updates?
• How many posts, pages, or products are we dealing with?
• How are user roles configured on each site?

Audit Export gives you standardized reports you can automate across environments and pipe into whatever dashboard or inventory system you are already using.

DevOps and engineering teams
You live in terminals, not in wp-admin. Audit Export integrates with WP-CLI, so you can run audits, export data, manage cron, and test remote connections using commands like wp audit-export run --all or wp audit-export export plugins --format=json. (WP-CLI)

Site administrators and content managers
If you are responsible for “keeping the site clean,” the plugin helps answer:

• Which post types are actually in use, and how full are they?
• Do we have menus that are no longer assigned anywhere?
• Which widget areas are full of mystery legacy widgets?

Security and compliance teams
The Users and Roles audit and the Plugins audit give you a structured snapshot of who can do what and which plugins may need attention, which is exactly the sort of thing security and compliance checklists like to nag you about.

Freelancers and consultants
Starting a new engagement with a “mature” WordPress site can be… exciting. Running Audit Export once gives you a quick, trustworthy inventory of the install so you can talk about scope and risk from a position of knowledge instead of vibes.

What the plugin actually audits

Out of the box, Audit Export ships with eight audit types grouped into general, system, content, and user categories:

• Site Report: PHP version, WordPress version, URL, active theme, multisite status, debug mode, timezone, and SSL usage.
• Plugins: Installed plugins with version, author, status (active, inactive, network), whether they are network-activated, and whether updates are available.
• Themes: Installed themes with status, parent/child relationships, and update availability.
• Content Types: All meaningful post types with published/draft/private/trash counts, plus flags for public and hierarchical. System-only types like revision and oembed_cache are excluded to keep the signal high.
• Taxonomies: Taxonomy labels, term counts, whether they are public/hierarchical, and which post types they attach to.
• Menus: Menu names, IDs, item counts, assigned locations, and last modified dates.
• Widgets: Widget areas (sidebars), their IDs, and which widgets are currently active.
• Users and Roles: Role names, display labels, user counts, capability counts, and a “key capabilities” summary for each role.

All of these audits share a consistent internal structure (headers + data rows) so they are easy to export and automate against.

How do you use it day to day

Via the WordPress admin

After activation, you get an Audit Export section in the admin menu. From there, you can:

• Run individual audits from the UI
• View stored report data from the database
• Configure file export (where CSVs are stored)
• Turn cron processing on or off and tune its frequency
• Configure remote posting (URL, auth, timeouts, SSL verification, debug mode)

Exports can be saved to the filesystem (uploads directory or wp-content) under a configurable subdirectory like audit-export/, making it easy to pick them up with other tools.

Via WP-CLI

If you prefer the command line, the plugin registers a full command namespace: wp audit-export. You get subcommands for:

• wp audit-export list – list all audits and when they last ran
• wp audit-export run – run one, several, or all audits, with output as table, CSV, JSON, or YAML
• wp audit-export export – export a specific audit to a file or stdout
• wp audit-export cron – check status, enable/disable, run cron jobs manually
• wp audit-export test-connection – test the remote endpoint
• wp audit-export force-post – push a specific audit to the remote API
• wp audit-export info – show plugin version and configuration at a glance

Because it is all WP-CLI, you can slot these commands directly into deployment scripts, CI pipelines, or scheduled tasks on your host. If you are new to WP-CLI, the WP-CLI docs and command list are helpful references. (WP-CLI)

Scheduled audits with WP-Cron

For ongoing visibility, Audit Export hooks into WP-Cron so audits can run automatically on a schedule. You can: (WordPress Developer Resources)

• Enable cron processing
• Run audits on every cron invocation (for high-traffic, high-change sites)
• Set a custom interval in minutes (for example, every 60, 1440, or 10,080 minutes)
• Set a maximum processing time per audit to avoid long-running jobs

This lets you keep a fresh set of reports without anyone having to remember to click “Run audit.”

Optional remote posting

If you operate a central dashboard or monitoring system, the plugin can POST audit results to a remote endpoint, using no auth, Basic auth, or a Bearer token. It sends structured JSON with site metadata (name, host, versions) and the report data (headers, rows, counts), so your external system can store or visualize it.

Hooks let you customize the target URL, the payload, the site info fields, or even the request arguments (headers, timeouts) before the request goes out.

Example use cases

Here are some concrete patterns where Audit Export fits nicely into real workflows.

1. Site documentation and handoffs

When finishing a build or inheriting an existing project, you can generate a complete structural snapshot for your records and for the client:

• wp audit-export run --all
• wp audit-export export site_report --file=docs/site-report.csv
• wp audit-export export plugins --file=docs/plugins.csv
• wp audit-export export content_types --file=docs/content-types.csv
• wp audit-export export users_roles --file=docs/users-roles.csv

Drop those into your project docs or attach to your ticket system so “what does this site look like” is always answered with data, not guesswork.

2. Migration planning

Before migrating to a new host or refactoring the architecture, you can:

• Export plugins and themes as JSON for programmatic analysis
• Inspect content volume by post type to plan migrations and backfills
• Identify custom post types and taxonomies that need special handling
• Spot inactive or duplicate plugins that should not make the trip

All of that comes from the existing audits; no custom scripts are required.

3. Change tracking during development

As part of deployment or release pipelines, you can generate snapshots into timestamped directories:

SNAPSHOT_DIR="snapshots/$(date +%Y%m%d-%H%M%S)"
mkdir -p "$SNAPSHOT_DIR"

wp audit-export run --all
for audit in site_report plugins themes content_types taxonomies menus widgets users_roles; do
 wp audit-export export "$audit" --file="$SNAPSHOT_DIR/$audit.csv"
done
 

Now you have a simple, file-based audit trail of structural changes over time, and you can diff snapshots when debugging “it worked last week” incidents.

4. Client reporting and account management

Combine cron scheduling with exports or remote posting to generate weekly or monthly reports for clients:

• A system section summarizing PHP and WordPress versions, debug status, SSL, and timezone (Site Report)
• A plugin inventory with update flags (Plugins)
• A content overview by post type (Content Types)
• A roles overview that highlights who has elevated capabilities (Users and Roles)

You can wrap this in a script that outputs HTML or Markdown, then email or post it into a reporting dashboard.

5. Security and compliance checks

For teams that need regular reviews:

• Use the Plugins audit to identify extensions with updates available.
• Use Users and Roles to monitor admin counts and high-privilege roles.
• Use Site Report to confirm debug mode is off in production and SSL is active.

You can even hook into the post-processing actions to send alerts when certain conditions are met, such as “any plugin has Update Available = Yes” or “administrator count > 2”.

6. Multi-site or multi-environment inventory

Because Audit Export can post to a remote API, you can install it on dev, staging, and production (or across many client sites), then centralize the reports.

Your central service receives JSON payloads that include site information, audit name, headers, and data rows, which you can then aggregate into one view.

Similar tools in the WordPress ecosystem

Audit Export focuses on structured configuration and usage reporting, especially around plugins, themes, content types, and roles. It complements, rather than replaces, some existing tools you might already use:

• WP Activity Log (formerly WP Security Audit Log)
  Provides a detailed activity log of user actions and site changes, with real-time monitoring and reporting. It is excellent for “who did what and when” style security and accountability. (WordPress.org)
• Stream
  Tracks user and system actions in a real-time activity stream, with filtering by user, role, context, and IP, plus integrations for alerts and webhooks. Helpful for debugging and real-time oversight. (WordPress.org)
• Query Monitor
  A developer tools panel that focuses on performance and debugging: database queries, hooks, HTTP calls, and more. It gives you deep insight into how your code behaves on a request-by-request basis. (WordPress.org)
• Core Site Health
  Built into WordPress itself, Site Health runs a series of checks on configuration and performance and reports issues directly in wp-admin. Audit Export is complementary here: Site Health focuses on diagnostics, while Audit Export focuses on structured reporting and external consumption. (WordPress.org)

Put simply: activity log plugins tell you what happened, Query Monitor tells you how it happened, Site Health tells you how WordPress feels about it, and Audit Export gives you the structured configuration snapshot you can ship off to spreadsheets, dashboards, and other systems.

Recap

Audit Export, provided as a WordPress plugin, gives you repeatable, scriptable insight into how a site is structured and configured:

• Eight core audits covering plugins, themes, content types, taxonomies, menus, widgets, users, roles, and general system info
• Tight WP-CLI integration for automation and CI
• Scheduled runs via WP-Cron
• CSV and JSON exports, with optional filesystem storage
• Remote posting for centralized dashboards and multi-site reporting
• An extensible architecture for adding custom audits and customizing the payloads

If you manage more than one WordPress site, collaborate in a team, or just like your configuration data neat and exportable, this plugin is designed to slide into your workflow without much fuss.

Here is the revised version with the correct documentation URL:

Simple VPS Provisioner

Simple VPS Provisioner is a command-line tool that turns a fresh Debian or Ubuntu VPS into a production-ready LAMP environment for Drupal or WordPress with a single command. It’s designed for clean installations and provides a consistent, automated way to deploy sites, manage domains, configure PHP versions, and handle optional SSL via Let’s Encrypt.

What It Does

The tool provides a complete stack including Nginx, PHP-FPM, MariaDB, and optional HTTPS, then configures each site with isolated PHP pools, secure credentials, and a production-grade firewall. It supports both Drupal and WordPress, multiple domains on a single server, Git-based deployments, database imports, and basic authentication to restrict access when needed. Since it is idempotent, you can safely run it multiple times to apply updates or verify the configuration.

Getting Started

To install the tool on a new VPS, run:

curl -fsSL https://raw.githubusercontent.com/willjackson/simple-vps-provisioner/main/install-from-github.sh | sudo bash

After installation, provisioning a site takes only one command. For Drupal (with HTTPS):

sudo svp setup example.com --le-email admin@example.com

or for WordPress (with HTTPS):

sudo svp setup example.com --cms wordpress --le-email admin@example.com

If you prefer to start without SSL, omit the email flag and access your site over HTTP. Once provisioning completes, your site is ready at the domain you specified.

Additional Capabilities

Simple VPS Provisioner includes commands for updating PHP versions, managing SSL certificates, deploying from Git repositories, enabling or disabling HTTP basic auth, verifying server configuration, and setting up multiple domains or environments. You can also import databases during setup or adjust settings through command-line flags, making repeatable deployments easy to script or automate.

Learn More

Full documentation, examples, and troubleshooting guides are available at https://simple-vps-provisioner.will.gg/. The source code and installation scripts can be found on GitHub at https://github.com/willjackson/simple-vps-provisioner.

Simple VPS Provisioner aims to make server setup predictable and fast, providing a straightforward way to deploy Drupal or WordPress sites without manually configuring each service.

SiteDash is a central dashboard for developers, agencies, and site owners managing multiple Drupal and WordPress sites. It's currently in development. Join the interest list at SiteDash.ai.

The Problem with Multiple Sites

Managing more than a handful of sites means juggling hosting dashboards, repository interfaces, third-party services, and spreadsheets that are never quite up to date. Someone asks which sites need security updates, and you're opening ten browser tabs.

SiteDash aggregates site data in one interface. It connects to the Audit Export Module for Drupal and the Audit Export plugin for WordPress, pulling configuration details, module versions, update status, and hosting information into a unified view. The module supports Drupal 7 through 11, and the plugin works with WordPress 6 and later.

Who This Is For

If you maintain multiple sites, SiteDash gives you clarity. Freelancers with a dozen client projects, agencies balancing portfolios of fifty sites, or product teams needing governance across their web properties all benefit from centralized visibility.

Unified Site Data

Connect your sites and see metadata, configurations, and integrations from one dashboard. No more hunting through wikis or ticket systems for basic information about what's installed where.

SiteDash integrates with code hosts like GitHub and Bitbucket, hosting platforms like Acquia and Pantheon, CI tools like CircleCI and Tugboat, and project management systems including Jira, ClickUp, and Teamwork. It also connects to AI providers like Anthropic and OpenAI, Google Workspace tools, analytics platforms, and operations services like UptimeRobot.

LLM-Powered Infrastructure Queries

SiteDash includes an MCP server that lets AI tools access all your indexed site data through a single connection. Instead of wiring each service independently, your LLM-backed assistants can query everything at once.

Ask "Which sites are running Drupal 10.2.x?" or "Show me all sites with the Webform module enabled" and get immediate answers across your entire portfolio. The MCP integration enables AI-assisted onboarding, configuration audits, and infrastructure planning without manually checking each site.

Self-Service Access for Non-Technical Users

Once a developer connects sites to SiteDash, project managers and non-technical stakeholders can query site information on their own. Instead of filing tickets to ask which modules are installed or which sites need attention, they use natural language queries through the MCP-connected AI interface. The setup work happens once, then anyone on the team can get answers without waiting for developer availability.

Streamlined Agency Onboarding

Agencies often track dozens of client sites in spreadsheets. When a new project arrives, someone spends hours documenting what's installed: modules, themes, hosting details, third-party integrations, and potential technical debt.

The Audit Export Module and plugin automate that snapshot. SiteDash indexes the data and keeps it current. Paired with the MCP server, an LLM can handle much of the discovery work, querying indexed data and surfacing what matters without digging through admin screens.

What Changes

You spend less time context-switching between tools and more time making decisions. Teams share a unified source of truth instead of confirming basic facts in Slack. New developers get situational awareness without hunting through scattered documentation. AI-assisted querying means faster audits and planning.

Early Access

SiteDash is actively evolving. Join the interest list at SiteDash.ai to get notified as development progresses. The goal is an open alpha testing phase starting in January 2026.