NPC Maintenance Inspector

NPC Maintenance Inspector performs 9-point health diagnostics on your WordPress site directly from the admin dashboard:

1. WordPress core updates — Detect missing core updates.
2. Plugin updates — List plugins with available updates.
3. Site Health issues — Extract critical issues from WP standard Site Health API.
4. PHP version — Warn on end-of-life PHP versions.
5. Error log analysis — Summarize debug.log entries and save a one-click backup to uploads/ for safe review.
6. File integrity — Detect suspicious code patterns in core files (eval / base64_decode / etc.) by comparing checksums against the WordPress.org Checksum API.
7. Suspicious files — Find unexpected PHP files in wp-content/uploads/, with built-in whitelist for known legitimate plugin files (Ajax Load More templates, WP STAGING index.php, AIOS firewall rules, etc.).
8. SSL certificate — Check days until expiration (warn under 30 days, critical at 0).
9. File permissions — Check critical files like wp-config.php, .htaccess, wp-content/.

Operational features:

• History — Keep the last 10 diagnoses as a custom post type.
• Scheduled auto-check — Run daily, weekly, or monthly via WP Cron.
• Email notifications — Send alerts only on critical issues.
• One-click debug.log clear — Truncate the log while preserving file permissions.
• Optional AI report — Generate maintenance suggestions via Anthropic Claude API. Disabled by default; opt-in via a wp-config.php constant.

The plugin is locked to the user who activated it and to the original site URL, so it stays inert after backup restores to a different domain.

External services

This plugin can optionally connect to the Anthropic Claude API (https://api.anthropic.com/v1/messages) to generate AI-powered maintenance reports. This is the only external service the plugin ever contacts.

When is data sent?

• When you manually click the “Generate AI Report” button in the admin.
• When an automatic scheduled diagnosis detects a critical issue and notifications are enabled. In that case the AI report is generated once per critical run and attached to the notification email.

What data is sent?

• The diagnosis result text only:
  • Site URL, site name, WordPress version, theme name
  • Counts of plugin updates / Site Health issues / error-log entries
  • PHP version, memory limit, max upload size
  • SSL expiration date and days remaining
  • File-permission status of critical files
  • Suspicious code patterns detected (function names like eval, base64_decode)
• No login data, no post content, no personal data of site visitors.

Is the data sent unconditionally?

No. The AI feature is completely disabled unless you define NPCMI_API_KEY in wp-config.php. Without that constant, no external connection to Anthropic is ever made.

Anthropic’s terms and privacy policy:

• Consumer Terms of Service: https://www.anthropic.com/legal/consumer-terms
• Privacy Policy: https://www.anthropic.com/legal/privacy
• Commercial Terms of Service (if you use a paid API plan): https://www.anthropic.com/legal/commercial-terms

By enabling the AI report feature (i.e. by defining NPCMI_API_KEY), you agree to Anthropic’s applicable terms.