SiteAgent for Aura
SiteAgent is the bridge between your WordPress sites and the Aura infrastructure dashboard — a unified control center for teams managing multiple WordPress sites alongside servers, CDN, and DNS. Install this plugin on any WordPress site to unlock remote management capabilities directly from Aura — no SSH, no wp-admin juggling, no manual logins. What You Can Do Monitor site health — See WordPress version, PHP version, installed plugins & themes, database info, and disk usage in real time. Update plugins, themes & core remotely — Push updates to any connected site from the Aura dashboard, no wp-admin login. Safe batch updates with auto-rollback — Run chunked updates with health checks; if an update breaks the site, the plugin restores the previous version automatically. Per-plugin rollback — Every update is zip-snapshotted first; restore any plugin to its last good state on demand. Bulk translation & database upgrades — Update all language packs and run WordPress database migrations remotely. One-click connect (magic link) — Connect a site to Aura straight from wp-admin — no manual token copy/paste. AI-agent ready (18 MCP tools) — Exposes machine-readable, JSON-schema tools for AI-driven management, including SEO/accessibility/performance/broken-link auditors and on-site SEO-meta read/write (Rank Math, Yoast, SEOPress). Read tools run on demand; mutating tools are approval-gated through Aura, and every call is audited. Zero frontend impact — The plugin only registers REST API endpoints. No scripts, no styles, no database queries on visitor-facing page loads. How It Works After activation, click Connect to Aura on the Settings → SiteAgent page for a one-click magic-link connection, or copy the Site Token shown once and paste it into your Aura dashboard manually. From that point, Aura communicates with your site over a signed, authenticated REST API to pull health data and push updates. Security Defence-in-depth protects every request: WordPress Application Password — Standard WordPress auth with capability checks (manage_options / update_*). Only authorized administrators can trigger actions. Hashed Site Token — A per-site token sent via the X-Aura-Token header. Only a SHA-256 hash is stored (never the raw token), compared timing-safely. Tokens from older versions migrate to a hash automatically. Brute-force throttling — Repeated bad-token attempts from an IP are blocked. Signed magic-link connect — The onboarding callback is HMAC-signed with a one-time secret and timestamp, so the token exchange can’t be hijacked or replayed. IP / Domain allowlist (optional) — Restrict API access to your Aura instance, with Cloudflare and reverse-proxy header support. You can rotate the token anytime from Settings → SiteAgent → Regenerate Token. REST API Endpoints Core endpoints under /wp-json/aura/v1/: GET /status — Full site health report GET /updates — Check available updates (core, plugins, themes, translations) POST /update/core / /update/plugin / /update/theme / /update/translations — Apply updates POST /update/database — Run WordPress database upgrades POST /connect — Magic-link token exchange (public, HMAC-signed, 10-minute expiry) Version 2 endpoints under /wp-json/aura/v2/: GET /health — HTTP, PHP fatal, white-screen and DB connectivity checks POST /update/batch — Chunked batch updates with auto-rollback on health failure POST /rollback/{plugin} — Restore a plugin from its most recent backup MCP tools under /wp-json/aura/mcp/: POST /tools/list / POST /tools/execute — Enumerate and run AI-agent tools GET /context — Full site context for AI decision-making AI Agent Tools (MCP) SiteAgent ships 18 built-in tools for AI agents. Read tools return information and run on demand; write tools change the site and are queued for human approval through Aura — an agent can never silently mutate a production site. Read tools: get_site_context — WordPress/PHP/theme/plugin/disk/performance snapshot with detected issues get_database_info — Database size, largest tables, autoloaded-options weight, expired transients scan_security — Scored security posture (file-edit lockdown, debug exposure, SSL, default admin/prefix, open registration, PHP version) scan_seo — SEO posture (search-engine visibility, permalinks, XML sitemap, site title) plus a sampled content audit (thin content, missing excerpts/featured images) scan_a11y — Accessibility audit over sampled content (images missing alt text, non-descriptive link text, heading structure, document language) perf_check — Performance posture (persistent object cache, OPcache, page-cache plugin, PHP version, autoload weight, active plugin count, memory limit) scan_broken_links — Link triage over a content sample with no outbound HTTP (empty/anchor-only links, dev/staging hosts, unresolved internal links) list_users — Users with roles and post counts, administrators flagged (never returns secrets) check_health — Live health gate: HTTP status, PHP fatals, white-screen, database connectivity scan_error_log — Tails and severity-groups the error log, surfacing recent fatals check_vulnerabilities — Plugins/themes checked against the WordPress.org vulnerability database get_seo_meta — Read a post/page’s SEO title, description, and focus keyword from the active SEO plugin (Rank Math, Yoast, or SEOPress) Write tools (approval-gated): update_plugin_safely — Backup, update, health-check, auto-rollback on failure clear_caches — Flush object/opcode caches and detected page-cache plugins cleanup_transients — Remove expired transients to reduce autoload bloat cleanup_orphaned_assets — Find and remove unused media (dry-run by default) backup_plugins — Zip-snapshot one or all active plugins as a rollback safety net set_seo_meta — Write a post/page’s SEO title / description / focus keyword on the active SEO plugin (Rank Math, Yoast, or SEOPress) — on-site, so it works even when a WAF blocks the plugin’s own REST endpoint Tools are classified by verb so the Aura Fleet gateway applies the right risk and approval policy automatically. About Aura Aura is a full-stack operations dashboard by Digitizer that brings servers, applications, DNS zones, and CDN pull zones from Cloudways, Hostinger VPS, Cloudflare, and Bunny.net into a single unified interface. SiteAgent extends that reach into every WordPress installation — so you can manage your entire infrastructure, including WordPress sites, from one place. Free to Use The plugin is completely free and open source (GPLv2+). You need a free or paid Aura account to connect your sites. Sign up at my-aura.app. Links Aura Dashboard Documentation GitHub Repository Digitizer
Top keywords
- aura18×1.89%
- site14×1.47%
- update13×1.36%
- wordpress12×1.26%
- database10×1.05%
- post10×1.05%
- seo9×0.94%
- token9×0.94%
- health8×0.84%
- updates8×0.84%
- connect6×0.63%
- php6×0.63%
NewStatPress
NewStatPress is a new version of StatPress that was the first real-time plugin dedicated to the management of statistics about blog visits. It collects information about visitors, spiders, search keywords, feeds, browsers etc. Once the plugin NewStatPress has been activated it immediately starts to collect statistics information. Using NewStatPress you could spy your visitors while they are surfing your blog or check which are the preferred pages, posts and categories. In the Dashboard menu you will find the NewStatPress page where you could look up the statistics (overview or detailed). NewStatPress also includes a widget one can possibly add to a sidebar (or easy PHP code if you can’t use widgets!). With the new ajax/javascript usage for variables in widget, the plugin is faster for a user being visit your site even with 1GB or more of database to use! (requires the External API be enabled in NewStatPress>Options>API) IMPORTANT: all previous versions from 1.0.4 are subject to XSS and SQL injection from an old Statpress routine. You have to use at least version 1.0.6 to avoid security issue. PLEASE UPDATE always to the latest version available. Support Check at http://newstatpress.altervista.org What’s new? Simple adding index to database and changes some data fields for better database storing (from here http://www.poundbangwhack.com/2010/07/03/improve-the-performance-of-the-wordpress-plugin-statpress-and-your-blog/ where some modification comes from) Ban IP You could ban IP list from stats editing def/banips.dat file. DB Table maintenance NewStatPress can automatically delete older records to allow the insertion of newer records when limited space is present. This features is left as original StatPress but it will be replaced by the history data instead. External API External API are a way to gives the collected informations as a web service using a POST call. With it you can use (for example) your collected data of WordPress inside a Drupal site. The API must be enables by check a flag into the option (by default is disabled) and a private KEY must be entered (you can generate a random one). This KEY is for authenticate the called as a valid allowed client. Even if the API is for external usage, it will be used internally for speed up page generation using AJAX, so at some point you will need to activate it to continue to see overview and Details pages. Actually those are the available commands: Command | Parameters | Description version gives the Newstatpress version in use dashboard gives the Newstatpress dashboard overview table External API is actually used by Multi-NewStatPress (a software than manages data from multiple installation of NewStatPress in different servers). If you want to use the API you need to pass to POST those values: VAR the variable for the query (like ‘Version’) KEY the MD5 of date at minute level plus the key you enter into option (e.g in PHP: md5(gmdate(‘m-d-y H i’).key) ) PAR the parameter associated with the VAR TYP the type of result: JSON (default) of HTML into those url: your_site+”/wp-content/plugins/newstatpress/includes/api/external.php” NewStatPress Widget / NewStatPress_Print function Widget is customizable. These are the available variables: %thistotalvisits% – this page, total visits %alltotalvisits% – all page, total visits %totalpageviews% – total pages view %monthtotalpageviews% – total pages view in the month %todaytotalpageviews% – total pages view today %since% – Date of the first hit %visits% – Today visits %yvisits% – Yesterday visits %mvisits% – Month visits %wvisits% – Week visits %totalvisits% – Total visits %os% – Operative system %browser% – Browser %ip% – IP address %visitorsonline% – Counts all online visitors %usersonline% – Counts logged online visitors %toppost% – The most viewed Post %topbrowser% – The most used Browser %topos% – The most used O.S. %topsearch% – The most used search terms In widget, those are special html contropart: %br% => %ul% => * %/ul% => %li% => %/li% => Now you could add these values everywhere! NewStatPress offers a new PHP function newstatpress_print(). * i.e. newstatpress_print(“%totalvisits% total visits.”); New experimental functions: place this command [NewStatPress: xxx] every were in your WordPress blog pages and you will have the graph about the xxx function. Available functions are: * [NewStatPress: Overview] * [NewStatPress: Top days] * [NewStatPress: O.S.] * [NewStatPress: Browser] * [NewStatPress: Feeds] * [NewStatPress: Search Engine] * [NewStatPress: Search terms] * [NewStatPress: Top referrer] * [NewStatPress: Languages] * [NewStatPress: Spider] * [NewStatPress: Top Pages] * [NewStatPress: Top Days – Unique visitors] * [NewStatPress: Top Days – Pageviews] * [NewStatPress: Top IPs – Pageviews] License GPLv2 or later License URI https://www.gnu.org/licenses/gpl-2.0.html