Audit Export Plugin

Submitted by wjackson on
Audit Export WordPress Plugin
Audit Export for WordPress is a flexible auditing and reporting plugin that inspects your site’s plugins, themes, content types, taxonomies, menus, widgets, users, roles, and core configuration, and turns that data into exportable, automatable reports.
Project Date

Audit Export is provided via a WordPress plugin that gives administrators and developers a clear, structured view into how their site is put together. It inspects plugins, themes, content types, taxonomies, menus, widgets, users, roles, and general site configuration, then turns all of that into exportable, script-friendly reports. Think of it as a regular health report for your WordPress installation, only with fewer lecture slides and more CSVs.

At the time of writing, the plugin is pending review for inclusion in the official WordPress.org plugin directory. Once it is approved, you will be able to install it like any other plugin. Until then, you can follow it on the Audit Export plugin page.

Who is Audit Export for?

Agencies managing lots of client sites
If you maintain a portfolio of WordPress installations, you need consistent answers to simple questions:

  • What plugins are installed and which need updates?
  • How many posts, pages, or products are we dealing with?
  • How are user roles configured on each site?

Audit Export gives you standardized reports you can automate across environments and pipe into whatever dashboard or inventory system you are already using.

DevOps and engineering teams
You live in terminals, not in wp-admin. Audit Export integrates with WP-CLI, so you can run audits, export data, manage cron, and test remote connections using commands like wp audit-export run --all or wp audit-export export plugins --format=json. (WP-CLI)

Site administrators and content managers
If you are responsible for “keeping the site clean,” the plugin helps answer:

  • Which post types are actually in use, and how full are they?
  • Do we have menus that are no longer assigned anywhere?
  • Which widget areas are full of mystery legacy widgets?

Security and compliance teams
The Users and Roles audit and the Plugins audit give you a structured snapshot of who can do what and which plugins may need attention, which is exactly the sort of thing security and compliance checklists like to nag you about.

Freelancers and consultants
Starting a new engagement with a “mature” WordPress site can be… exciting. Running Audit Export once gives you a quick, trustworthy inventory of the install so you can talk about scope and risk from a position of knowledge instead of vibes.

What the plugin actually audits

Out of the box, Audit Export ships with eight audit types grouped into general, system, content, and user categories:

  • Site Report: PHP version, WordPress version, URL, active theme, multisite status, debug mode, timezone, and SSL usage.
  • Plugins: Installed plugins with version, author, status (active, inactive, network), whether they are network-activated, and whether updates are available.
  • Themes: Installed themes with status, parent/child relationships, and update availability.
  • Content Types: All meaningful post types with published/draft/private/trash counts, plus flags for public and hierarchical. System-only types like revision and oembed_cache are excluded to keep the signal high.
  • Taxonomies: Taxonomy labels, term counts, whether they are public/hierarchical, and which post types they attach to.
  • Menus: Menu names, IDs, item counts, assigned locations, and last modified dates.
  • Widgets: Widget areas (sidebars), their IDs, and which widgets are currently active.
  • Users and Roles: Role names, display labels, user counts, capability counts, and a “key capabilities” summary for each role.

All of these audits share a consistent internal structure (headers + data rows) so they are easy to export and automate against.

How do you use it day to day

Via the WordPress admin

After activation, you get an Audit Export section in the admin menu. From there, you can:

  • Run individual audits from the UI
  • View stored report data from the database
  • Configure file export (where CSVs are stored)
  • Turn cron processing on or off and tune its frequency
  • Configure remote posting (URL, auth, timeouts, SSL verification, debug mode)

Exports can be saved to the filesystem (uploads directory or wp-content) under a configurable subdirectory like audit-export/, making it easy to pick them up with other tools.

Via WP-CLI

If you prefer the command line, the plugin registers a full command namespace: wp audit-export. You get subcommands for:

  • wp audit-export list – list all audits and when they last ran
  • wp audit-export run – run one, several, or all audits, with output as table, CSV, JSON, or YAML
  • wp audit-export export – export a specific audit to a file or stdout
  • wp audit-export cron – check status, enable/disable, run cron jobs manually
  • wp audit-export test-connection – test the remote endpoint
  • wp audit-export force-post – push a specific audit to the remote API
  • wp audit-export info – show plugin version and configuration at a glance

Because it is all WP-CLI, you can slot these commands directly into deployment scripts, CI pipelines, or scheduled tasks on your host. If you are new to WP-CLI, the WP-CLI docs and command list are helpful references. (WP-CLI)

Scheduled audits with WP-Cron

For ongoing visibility, Audit Export hooks into WP-Cron so audits can run automatically on a schedule. You can: (WordPress Developer Resources)

  • Enable cron processing
  • Run audits on every cron invocation (for high-traffic, high-change sites)
  • Set a custom interval in minutes (for example, every 60, 1440, or 10,080 minutes)
  • Set a maximum processing time per audit to avoid long-running jobs

This lets you keep a fresh set of reports without anyone having to remember to click “Run audit.”

Optional remote posting

If you operate a central dashboard or monitoring system, the plugin can POST audit results to a remote endpoint, using no auth, Basic auth, or a Bearer token. It sends structured JSON with site metadata (name, host, versions) and the report data (headers, rows, counts), so your external system can store or visualize it.

Hooks let you customize the target URL, the payload, the site info fields, or even the request arguments (headers, timeouts) before the request goes out.

Example use cases

Here are some concrete patterns where Audit Export fits nicely into real workflows.

1. Site documentation and handoffs

When finishing a build or inheriting an existing project, you can generate a complete structural snapshot for your records and for the client:

  • wp audit-export run --all
  • wp audit-export export site_report --file=docs/site-report.csv
  • wp audit-export export plugins --file=docs/plugins.csv
  • wp audit-export export content_types --file=docs/content-types.csv
  • wp audit-export export users_roles --file=docs/users-roles.csv

Drop those into your project docs or attach to your ticket system so “what does this site look like” is always answered with data, not guesswork.

2. Migration planning

Before migrating to a new host or refactoring the architecture, you can:

  • Export plugins and themes as JSON for programmatic analysis
  • Inspect content volume by post type to plan migrations and backfills
  • Identify custom post types and taxonomies that need special handling
  • Spot inactive or duplicate plugins that should not make the trip

All of that comes from the existing audits; no custom scripts are required.

3. Change tracking during development

As part of deployment or release pipelines, you can generate snapshots into timestamped directories:

SNAPSHOT_DIR="snapshots/$(date +%Y%m%d-%H%M%S)"
mkdir -p "$SNAPSHOT_DIR"

wp audit-export run --all
for audit in site_report plugins themes content_types taxonomies menus widgets users_roles; do
 wp audit-export export "$audit" --file="$SNAPSHOT_DIR/$audit.csv"
done
 

Now you have a simple, file-based audit trail of structural changes over time, and you can diff snapshots when debugging “it worked last week” incidents.

4. Client reporting and account management

Combine cron scheduling with exports or remote posting to generate weekly or monthly reports for clients:

  • A system section summarizing PHP and WordPress versions, debug status, SSL, and timezone (Site Report)
  • A plugin inventory with update flags (Plugins)
  • A content overview by post type (Content Types)
  • A roles overview that highlights who has elevated capabilities (Users and Roles)

You can wrap this in a script that outputs HTML or Markdown, then email or post it into a reporting dashboard.

5. Security and compliance checks

For teams that need regular reviews:

  • Use the Plugins audit to identify extensions with updates available.
  • Use Users and Roles to monitor admin counts and high-privilege roles.
  • Use Site Report to confirm debug mode is off in production and SSL is active.

You can even hook into the post-processing actions to send alerts when certain conditions are met, such as “any plugin has Update Available = Yes” or “administrator count > 2”.

6. Multi-site or multi-environment inventory

Because Audit Export can post to a remote API, you can install it on dev, staging, and production (or across many client sites), then centralize the reports.

Your central service receives JSON payloads that include site information, audit name, headers, and data rows, which you can then aggregate into one view.

Similar tools in the WordPress ecosystem

Audit Export focuses on structured configuration and usage reporting, especially around plugins, themes, content types, and roles. It complements, rather than replaces, some existing tools you might already use:

  • WP Activity Log (formerly WP Security Audit Log)
    Provides a detailed activity log of user actions and site changes, with real-time monitoring and reporting. It is excellent for “who did what and when” style security and accountability. (WordPress.org)
  • Stream
    Tracks user and system actions in a real-time activity stream, with filtering by user, role, context, and IP, plus integrations for alerts and webhooks. Helpful for debugging and real-time oversight. (WordPress.org)
  • Query Monitor
    A developer tools panel that focuses on performance and debugging: database queries, hooks, HTTP calls, and more. It gives you deep insight into how your code behaves on a request-by-request basis. (WordPress.org)
  • Core Site Health
    Built into WordPress itself, Site Health runs a series of checks on configuration and performance and reports issues directly in wp-admin. Audit Export is complementary here: Site Health focuses on diagnostics, while Audit Export focuses on structured reporting and external consumption. (WordPress.org)

Put simply: activity log plugins tell you what happened, Query Monitor tells you how it happened, Site Health tells you how WordPress feels about it, and Audit Export gives you the structured configuration snapshot you can ship off to spreadsheets, dashboards, and other systems.

Recap

Audit Export, provided as a WordPress plugin, gives you repeatable, scriptable insight into how a site is structured and configured:

  • Eight core audits covering plugins, themes, content types, taxonomies, menus, widgets, users, roles, and general system info
  • Tight WP-CLI integration for automation and CI
  • Scheduled runs via WP-Cron
  • CSV and JSON exports, with optional filesystem storage
  • Remote posting for centralized dashboards and multi-site reporting
  • An extensible architecture for adding custom audits and customizing the payloads

If you manage more than one WordPress site, collaborate in a team, or just like your configuration data neat and exportable, this plugin is designed to slide into your workflow without much fuss.

Tags
WordPress
Featured
Off
Project Status
In Development
Project Type
WordPress Plugin
Version
1.0.0
Related Content
Audit Export Module
SiteDash
Simple VPS Provisioner
Subscribe to WordPress Plugin