0 Day Analytics
0 Day Analytics is a comprehensive WordPress debugging and operational intelligence plugin. It is purpose-built for developers and site administrators who need real-time visibility into their PHP errors, scheduled tasks, database state, outgoing emails, HTTP requests, hook behaviour, and overall site health — all from a single admin interface. Unlike general monitoring services, 0 Day Analytics runs entirely inside your WordPress installation with no third-party data collection. Every module is opt-in and designed with performance in mind. Plugin Website: 0-day-analytics.com User Documentation: User Guide Dashboard A centralised overview page providing at-a-glance status for all active plugin modules. Displays real-time widgets for Error Log, Fatal Errors, Cron Jobs, Transients, HTTP Requests, WP Mail, REST API, and Security — each showing key metrics and recent events. Toggle individual module widgets on or off. The Dashboard is the default landing page when clicking the main plugin menu item, giving administrators immediate visibility into site health and activity without navigating to each module separately. Error Log Manager Read, search, filter, and manage your PHP/WordPress error log without leaving the admin. Engineered for very large (GB-sized) logs using a reverse-line reader that never performs a full-file read. Supports code-context viewing (click any error to see the surrounding source), per-severity filtering, log truncation, and download. Optionally randomise the log filename to reduce exposure. PHP Fatal Error Tracker Captures and stores PHP fatal errors in a dedicated database table, it records PHP errors even if the WP_DEBUG is turned off so they persist even after the log is rotated or overwritten. Each record includes error type, file, line, stack trace, and timestamp — searchable and filterable directly in the admin. Site Performance & Security Scanner Runs 32+ automated checks across three categories — Security, Speed, and Resources used — and presents a scored dashboard with actionable recommendations. Checks include: PHP version, WordPress version, SSL certificate, debug mode exposure, file permissions, database prefix, XML-RPC, login URL, active plugin count, autoloaded options, cron health, page caching, object caching, gzip compression, lazy loading, image optimisation, and more. Google PageSpeed & Core Web Vitals Analyse any URL directly from the WordPress admin using the Google PageSpeed Insights API. Displays Performance, Accessibility, Best Practices, and SEO scores with Lighthouse category breakdowns for both desktop and mobile. For that you need to provide your own PageSpeed Google API key. URL Tracker & Asset Analyser Automatically tracks visited page URLs on your site. For each recorded URL, you can collect all associated JS, CSS, and media assets (with file sizes), run a Google PageSpeed analysis, and review visit counts — making it easy to audit page weight and performance regressions over time. Cron Manager View, search, edit, manually run, and delete WordPress scheduled tasks. Shows next run time (UTC), recurrence interval, arguments, and last execution status. Supports bulk actions and advanced filtering. Transients Manager Browse, search, edit, and safely delete database transients. Displays expiry time, serialised value (pretty-printed), and size. Bulk delete supports filtered selections. Outgoing HTTP Requests Viewer Logs all outgoing wp_remote_* calls made by WordPress core, themes, and plugins. Records URL, method, status code, response time, triggering plugin, user, and full request/response detail. Export to CSV for external analysis. Advanced filtering by domain, plugin, status, and date range. Mail Logger & Composer Records every email sent through wp_mail() — including headers, body, attachments, CC, and BCC — and stores it in a searchable log. View the rendered email body, resend any logged email, or compose and send new emails directly from the admin. Supports HTML and plain-text previews. SMTP Configuration Configure custom SMTP settings (host, port, encryption, username, password) with a built-in test email tool. Optionally log SMTP debug output to the WordPress debug log. WP Hooks Monitor Define which WordPress actions and filters (core or custom) you want to observe. The Hooks Capture module records each invocation with its parameters, return value (for filters), and a full stack backtrace. Organise monitoring rules into named groups, enable/disable per hook, and review the captured output in a dedicated list view. DB Table Manager Browse, search, edit, and delete records across any table in your WordPress database — including custom plugin tables. Displays table size, engine, collation, row count, and schema information. Supports full and filtered truncation and table drop with confirmation. Server Info & System Status Displays real-time server metrics (CPU load, memory usage, disk space, PHP version, active extensions) as both admin-bar badges and a dashboard widget. Also provides a detailed environment report useful for support tickets and deployment checks. Plugin Version Switcher Roll back or switch between any previously downloaded version of an installed plugin without leaving the admin. Useful for quickly reverting after a bad update. Supports only free plugins from the WordPress repo. Code Snippets Write, save, and execute custom PHP snippets from the admin. Snippets support shortcodes, can be enabled/disabled individually, and are sandboxed before execution. Useful for one-off data migrations, testing custom logic, or generating dynamic output without creating a custom plugin. REST API Manager A security and management tool that gives full visibility and control over every registered REST API endpoint (/wp-json/). Inspect all registered routes, disable individual endpoints, restrict HTTP methods, and hide routes from discovery responses. Useful for hardening your site by removing unnecessary API surface area. WP Panel A centralised control panel for toggling WordPress core features and settings. Enable or disable comments, revisions, auto-updates, XML-RPC, the REST API, emojis, embeds, heartbeat behaviour, frontend asset loading, and more — all from a single, organised admin page. No code changes or custom snippets required. Traffic Analytics Privacy-focused website traffic monitoring built directly into WordPress — no external services or third-party scripts. Tracks unique visitors, pageviews, top pages, referrers, and technology breakdown (devices, browsers, operating systems) with a visual SVG-based dashboard. Choose between server-side (PHP) or client-side (JavaScript) tracking. Includes real-time visitor count automatic period comparison, configurable data retention, and a high-performance file-based write buffer. Important: By default, Traffic Analytics uses server-side (PHP) tracking mode. This method is less accurate because it cannot distinguish bots from real visitors as effectively and may miss visitors served from full-page caches. If you need more precise analytics, switch to client-side (JavaScript) tracking in the module settings — this mode runs a lightweight script in the browser that provides significantly more accurate visitor detection and pageview counting. Security Monitor Real-time security event monitoring and threat detection for your WordPress site. Tracks brute-force login attempts, burst rate limiting (DoS protection), user enumeration attempts, and blocked requests. Displays a summary dashboard with total events, critical alerts, blocked requests, and active incidents over the last 7 days. Includes an Emergency Lockdown button to immediately restrict site access during an active attack. Events are logged with severity level, IP hash (privacy-preserving), attempt counts, and detailed request information. Login & Auth Audit Comprehensive authentication event logging that tracks all login activity on your site. Records successful logins, failed login attempts, session expirations, and password resets with full context — including user, IP hash, user agent, and timestamp. Displays summary statistics (total events, successful logins, failed logins, password resets) for the last 7 days. Supports filtering by event type and severity, search, and CSV export. Recovery Mode Generate single-use recovery links that can disable a specific plugin or trigger a custom action — delivered via Slack, Telegram, or any configured webhook channel. Designed for emergency recovery when the site is inaccessible through normal means. The recovery URLs are sent in Slack and Telegram channels for security. Other Features Dark mode for all admin screens. CSV export on all list views (requests, errors, mails, hooks, etc.). Screen Options on every screen (configure columns, items per page). WP CLI compatible scaffolding for background operations. Multisite aware (note: recovery mode has core multisite limitations). Requirements & Compatibility WordPress 6.0+ (tested up to 6.9) PHP 7.4+ (compatible with PHP 8.0, 8.1, 8.2, 8.3, 8.4, 8.5) MySQL 5.7+ / MariaDB 10.3+ Not intended as a primary multisite recovery tool (see FAQ) Best Practices & Security Notes Keep log files outside the webroot when possible, or restrict access via server rules (.htaccess / nginx) to prevent public exposure. Use the built-in “Randomise Log Filename” feature when logs must stay in the webroot. All plugin capabilities are restricted to manage_options (administrators) by default. The menu can optionally be restricted to admins only. Sanitize and escape all output; nonces are enforced on all state-changing actions. Secure SMTP credentials using TLS/STARTTLS; credentials are stored in the WordPress options table. Set file permissions tightly (e.g., 600/640) and restrict ownership to the web server user. Backup database and files before using bulk delete or table truncation. Disable unused modules to reduce footprint and potential attack surface. Disable or throttle high-frequency background polling on high-load sites. Usage Notes & Performance The Error Log viewer reads the last N lines (default 100, max configurable via Screen Options) to avoid full-file reads on GB-sized logs. No pagination on error logs by design — pagination would force repeated expensive full-file reads. The PHP Fatal Error Tracker uses its own DB table; apply a retention policy in Settings to avoid unbounded growth. The Hooks Capture module adds minimal overhead per captured hook invocation; disable capturing on production when not actively debugging. The URL Tracker records page visits in a custom table; configure retention or pause tracking on high-traffic sites. Support & Notes Secure log paths and consider randomising filenames in production. Disable unused modules to reduce footprint and attack surface. Recovery Mode has limitations on multisite — test before relying on it. For bugs or feature requests, open an issue on the plugin page. Live preview and full details: https://wordpress.org/plugins/0-day-analytics/ Plugin website and documentation: https://0-day-analytics.com
Top keywords
- wordpress17×1.06%
- log13×0.81%
- php13×0.81%
- site10×0.62%
- admin9×0.56%
- custom9×0.56%
- error9×0.56%
- page9×0.56%
- table9×0.56%
- disable8×0.50%
- security8×0.50%
- api7×0.44%
VigIA – AI Visibility, Analytics & Control
VigIA (Spanish for “lookout” or “watchman”, incorporating “IA” – Spanish for “AI”) is a complete AI visibility toolkit for WordPress. Monitor 60+ AI crawlers, control access to your content, and optimize how AI systems discover and understand your site. What does VigIA do? Scores your AI visibility with a 100-point analyzer covering 20 checks across 5 categories Tracks AI crawlers visiting your site (GPTBot, ClaudeBot, PerplexityBot, and 60+ others) Provides detailed analytics with advanced filters, server-side pagination, and exportable reports with metadata banner Blocks unwanted crawlers via PHP (403 response) Manages robots.txt rules for AI crawlers with compliance monitoring Sends email alerts about crawler activity (daily, weekly, or monthly) Generates llms.txt files to help AI systems understand your site Serves markdown endpoints for posts, pages, taxonomy archives (categories, tags, WooCommerce product categories, custom taxonomies) and WooCommerce products with schema-like data Generates JSON-LD structured data with Site Identity and AI Discovery signals Exposes abilities for AI agents and automation tools (WordPress 6.9+) Key Features AI Visibility Analyzer * 100-point scoring system with letter grades (A+ to F) * 20 individual checks across 5 categories * Access & AI Discovery (37 pts): robots.txt, AI bot directives, Content Signals, llms.txt, sitemap, RSS feed * Structured Data & Semantic Context (25 pts): JSON-LD schemas, Open Graph, Twitter Cards, meta description, canonical URL * Content Structure & Readability (20 pts): heading hierarchy, semantic HTML5, image alt text, content/HTML ratio * AI Interaction & Distribution (8 pts): markdown delivery, AI share buttons * Access Performance (10 pts): TTFB measurement * Smart recommendations with direct links to VigIA features and plugin suggestions * Analyze any page on your site with URL autocomplete selector * Results cached for 24 hours with manual re-analyze option Analytics Dashboard * Total visits, unique crawlers, and pages crawled statistics * Timeline chart with daily breakdown * Category distribution (AI Training, AI Search, AI Assistant, Data Scraper) * Top crawlers and most crawled pages tables with paginated navigation * AI Share & Summarize integration: see share button clicks per page * Recent activity log with content type and HTTP status columns (color coded by status family) * Advanced filters: multi-select crawler picker, content type, HTTP status code, and configurable date range * Server-side pagination with four-button pager (first, previous, next, last) — operates over the full database, not just the latest 500 rows * Period comparison functionality * CSV export with a metadata banner (site name, site URL, export type, date range, export timestamp, applied filters) * “Export filtered CSV” button that downloads exactly what the active filters return, with vigia-filtered-YYYY-MM-DD.csv filename * Content type detection distinguishes Home, Post, Page, Product, custom CPTs, Category archive, Tag archive, Date/Author archive, Feed, Sitemap, REST API, File, Admin / login attempts (/wp-admin, /wp-login.php), WordPress system (admin-ajax, xmlrpc, wp-cron, wp-comments-post), 404 Not found, and Other Crawler Blocking * Block crawlers via PHP with 403 Forbidden response * Quick block dropdown in analytics dashboard * Manage blocks from Extras page * Works on any server (Apache, Nginx, LiteSpeed, etc.) Robots.txt Management * Add Disallow rules for AI crawlers * Visual preview of your robots.txt * Compliance monitoring: see which crawlers ignore your rules * One-click blocking for non-compliant crawlers * Works with both physical and virtual robots.txt Email Alerts * Daily, weekly, or monthly reports * Three detail levels: Minimal, Normal, Complete * Non-compliant crawler warnings * Activity comparison with previous period Markdown for Agents * Serve posts, pages and any public post type as optimized markdown for AI agents * Serve taxonomy archive pages (categories, tags, WooCommerce product categories, custom taxonomies) as markdown — disabled by default, opt in per taxonomy * Dedicated .md URL endpoints (e.g., /your-post.md, /category/news.md, /product-category/electronics.md) * Accept: text/markdown content negotiation on posts and taxonomy archive pages * Discoverability via Link HTTP headers and HTML tags * YAML frontmatter for posts: title, date, modified, author, image, categories, tags, post type, lang * YAML frontmatter for taxonomy terms: title, description, url, type, taxonomy, parent, count, image (term meta), lang * WooCommerce product frontmatter adds schema-like fields: sku, product_type, price, regular_price, sale_price, currency, availability, stock_quantity, rating, rating_count, review_count * Taxonomy term body includes the term description (rendered through the_content), the list of direct child terms in hierarchical taxonomies, and an excerpt of the latest posts/products assigned to the term * Product listings inside product_cat archives include an inline summary with formatted price, “was X” on sale items, star rating and out-of-stock flag * Respects blocking rules (blocked crawlers get 403) and LLMs.txt exclusion filters * Per-term noindex detection from Yoast SEO, Rank Math, All in One SEO and SEOPress * Analytics integration: tracks markdown requests per crawler * X-Markdown-Tokens response header * Filters: vigia_markdown_post_eligible, vigia_markdown_term_eligible, vigia_markdown_term_posts_limit * Follows the Cloudflare Markdown for Agents standard LLMs.txt Generator * Select content by post type with one click * Filter by taxonomies (categories, tags, custom) * Manual include/exclude with AJAX search * Exclude by URL patterns (wildcards supported) * SEO plugin integration (auto-exclude noindex content) * Auto-regeneration (daily, weekly, monthly) * Robots.txt integration (add llms.txt and llms-full.txt references) * Generate llms.txt and llms-full.txt files * Full content or excerpt mode * Compatible with Yoast SEO, Rank Math, All in One SEO, SEOPress, The SEO Framework, and Native SEO NoIndexer JSON-LD Structured Data * Generate WebSite and Organization/Person schema for site identity * AI Discovery: ReadAction pointers to llms.txt, llms-full.txt, and Markdown for Agents endpoints * Social profiles and sameAs links for brand identity across the web * SearchAction for Google sitelinks search box * Media library integration for logo selection * SEO plugin conflict detection (Yoast, Rank Math, AIOSEO, SEOPress, The SEO Framework) * Choose output page (front page or any published page) * Live JSON-LD preview with real-time updates * Smart integration with LLMs.txt and Markdown for Agents features Supported AI Crawlers VigIA monitors 60+ AI crawlers including: OpenAI: GPTBot, OAI-SearchBot, OAI-AdsBot, ChatGPT-User Anthropic: ClaudeBot, Claude-SearchBot, Claude-User, Claude-Code Google: Google-Extended, GoogleOther, Gemini-Deep-Research, Google-NotebookLM Perplexity: PerplexityBot, Perplexity-User Meta: Meta-ExternalAgent, FacebookBot, Meta-WebIndexer Amazon: Amazonbot, Amzn-SearchBot, bedrockbot Mistral: MistralAI-User, MistralAI-Index Microsoft: BingBot ByteDance: Bytespider Apple: Applebot-Extended And many more… Privacy Focused VigIA stores visitor data locally in your WordPress database. No data is sent to external servers. Abilities API VigIA is one of the first WordPress plugins to implement the Abilities API introduced in WordPress 6.9. This API allows AI agents, automation tools, and external systems to discover and interact with VigIA’s functionality in a standardized, secure way. What are Abilities? Abilities are self-contained units of functionality that VigIA exposes through WordPress’s central registry. Each ability has defined inputs, outputs, and permissions, making it easy for automation tools to understand and use them. Available Abilities VigIA registers the following abilities: Analytics vigia/get-crawler-stats – Get statistics about AI crawler visits (total visits, unique crawlers, pages crawled) vigia/get-top-crawlers – Get a ranked list of most active AI crawlers vigia/get-top-pages – Get the most crawled pages on your site Blocking vigia/get-blocked-items – List all blocked crawlers and IP addresses vigia/block-crawler – Block a crawler by User-Agent pattern vigia/unblock-crawler – Remove an existing block Robots.txt vigia/get-robots-rules – Get current AI crawler rules in robots.txt vigia/add-robots-disallow – Add a Disallow directive for a crawler vigia/remove-robots-rule – Remove a robots.txt rule Use Cases Automated monitoring: AI agents can query crawler statistics and alert you to anomalies Reactive blocking: Automation tools can block crawlers that repeatedly ignore robots.txt External dashboards: Aggregate data from multiple WordPress sites with VigIA installed WP-CLI integration: Future command-line access through the Abilities API n8n / Make workflows: Build custom automation flows using VigIA’s abilities Requirements The Abilities API ships with WordPress 6.9 and later. On older WordPress versions, VigIA works normally but abilities and MCP are not available. MCP Server (Model Context Protocol) VigIA exposes its 9 abilities as native MCP tools to any MCP-compatible client (Claude Code, Cursor, Claude Desktop, Codex CLI, Antigravity, Continue, Cline, Zed and similar) using the official WordPress MCP Adapter. The adapter ships bundled with the plugin, so the MCP endpoint is active right after installation — no Composer step or terminal access required. Requirements WordPress 6.9 or later (provides the Abilities API) Quick connect (recommended) Open VigIA > Extras > MCP and click “Generate password and connection commands”. The plugin creates a dedicated Application Password named VigIA MCP and renders ready-to-paste commands for Claude Code, Cursor, Claude Desktop and a generic block (URL + Authorization header) for any other MCP client. The plain password is shown only once. If you lose it, revoke the entry from the same panel and generate a new one. Endpoint https://your-site.example/wp-json/vigia/v1/mcp The endpoint uses HTTP Basic auth with the WordPress Application Password. The user must have the manage_options capability. Connecting Claude Code Quick Connect builds the full command for you. The shape is: claude mcp add --transport http vigia https://your-site.example/wp-json/vigia/v1/mcp --header "Authorization: Basic BASE64_OF_USER_AND_APP_PASSWORD" Claude Code merges the new entry into its config file automatically — no risk of breaking other servers. Connecting Cursor Save the JSON block from Quick Connect as ~/.cursor/mcp.json. You can also reach this file from inside Cursor at Settings → Cursor Settings → MCP. If the file already exists with other content, see “Merging into an existing config file” below. Connecting Claude Desktop Save the JSON block from Quick Connect as claude_desktop_config.json in your user Library (this is not the system Library at the root of the disk): macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json Linux: ~/.config/Claude/claude_desktop_config.json On macOS, the easiest way to reach the folder is to open Finder, press ⌘ Shift G, paste ~/Library/Application Support/Claude/ and hit Enter. On Windows, press Win+R and run %APPDATA%\Claude. Important: Claude Desktop only speaks stdio to local processes, so the snippet does not connect directly to VigIA over HTTP. Instead it launches a small bridge package (mcp-remote) via npx that proxies the connection. This means you need Node.js installed on the machine. The first run downloads mcp-remote automatically; subsequent runs use the npm cache. If you do not want to install Node.js, connect from Claude Code or Cursor instead — both speak HTTP MCP natively and do not need a bridge. Restart Claude Desktop after saving the file. If the app boots with default preferences, the JSON is malformed — review the file or restore your backup. If Claude Desktop says the entry is “not a valid MCP server configuration”, npx is not in its PATH; check that Node.js is installed and accessible to GUI apps. If the file already exists with other content, see “Merging into an existing config file” below. Merging into an existing config file If your claude_desktop_config.json or ~/.cursor/mcp.json already exists, do not paste the full Quick Connect block on top of it. Pasting on top discards everything else (preferences, other MCP servers) and the app will start with defaults. Always make a backup of the file first. Then open it with any text editor that preserves JSON. There are two scenarios. Scenario 1 — the file has content but no mcpServers block yet. This is common when you have used Claude Desktop before but never configured MCP servers. The file might look like this: { "preferences": { "menuBarEnabled": false, "...": "..." } } Add mcpServers as a sibling property of preferences, separated by a comma. The result should be: { "preferences": { "menuBarEnabled": false, "...": "..." }, "mcpServers": { "vigia": { "command": "npx", "args": [ "-y", "mcp-remote", "https://your-site.example/wp-json/vigia/v1/mcp", "--header", "Authorization: Basic BASE64_OF_USER_AND_APP_PASSWORD" ] } } } The order of preferences and mcpServers is not important, but the comma between them is required. Forgetting the comma makes the JSON invalid and Claude Desktop will start with default preferences. Scenario 2 — the file already has mcpServers with other servers. Add the vigia entry inside the existing mcpServers object, separated from other entries by a comma: "mcpServers": { "other-server": { "...": "..." }, "vigia": { "command": "npx", "args": [ "-y", "mcp-remote", "https://your-site.example/wp-json/vigia/v1/mcp", "--header", "Authorization: Basic BASE64_OF_USER_AND_APP_PASSWORD" ] } } For Cursor the entry is different — Cursor speaks HTTP MCP natively, so its block uses type, url and headers directly inside the server entry instead of the bridge command. The Quick Connect panel renders the right format for each client. Other MCP clients (Codex CLI, Continue, Cline, Antigravity, Zed, custom) Most MCP clients accept HTTP transport with a custom Authorization header. The Quick Connect panel exposes the two raw values you need — the server URL and the Authorization header — so you can drop them into whatever configuration format your client expects. Browser-only assistants without an MCP client (AI Studio, ChatGPT web) cannot connect. They need a desktop or CLI client that speaks MCP over HTTP. Read-only mode If you only want your AI to consult VigIA (not change anything), enable “Read-only mode” in the MCP tab. While on, write actions (block, unblock, robots changes) return a permission denied error. Read actions (statistics, top crawlers, blocked items, robots rules) keep working. The toggle stores a vigia_mcp_read_only option that hooks into the vigia_can_write_via_abilities filter. Developers can still force read-only from a mu-plugin: add_filter( 'vigia_can_write_via_abilities', '__return_false' ); The mu-plugin filter at the default priority takes precedence over the toggle. After connecting Restart your MCP client after adding the server so it picks up the new tools. Then try a few prompts to confirm everything is wired up: “Show me VigIA crawler stats for the last 7 days.” “List the top 5 most crawled pages on this site.” “Add a robots.txt Disallow rule for TestBot and then list the current AI crawler rules.” The third example exercises a read + write + read round-trip, which is the most complete sanity check. Support Need private support or custom development? Do you need one-on-one help, priority troubleshooting, or a custom feature, integration, or tweak built specifically for your site? I offer private support and custom development. Just contact me and tell me what you need. Need help or have suggestions? Official website WordPress support forum YouTube channel Documentation and tutorials Love the plugin? Please leave us a 5-star review and help spread the word! About AyudaWP We are specialists in WordPress security, SEO, AI and performance optimization plugins. We create tools that solve real problems for WordPress site owners while maintaining the highest coding standards and accessibility requirements.