Announcements · 16 min read

Free WordPress Site Monitoring: Uptime, SSL, Blacklist and Performance

By WP Vanguard Team

Free WordPress Site Monitoring: Uptime, SSL, Blacklist and Performance

Most WordPress site owners find out their site is down the same way their customers do: they try to visit it and get an error. They find out their SSL certificate expired when Chrome starts showing the red "Not Secure" warning to every visitor. They find out they were blacklisted by Google when their search traffic drops 90% in a week. By then, the damage is already done.

WP Vanguard was built to catch security problems before they turn into crises. We started with malware scanning -- deep SSH-based scans that find infected files, database injections, and backdoors. Today we are adding something that catches a different category of problem: the operational failures that bring down clean, uninfected sites every day.

Starting now, every WP Vanguard account includes always-on monitoring for five critical signals -- completely free, with no plugin to install, no SSH access required.

What We Are Announcing

Every site you add to WP Vanguard is now automatically enrolled in:

These run automatically. You do not need to configure anything. Add a site and monitoring starts.

All five features are included free with every account on every plan.

Uptime Monitoring

Your site going down is the most urgent problem on this list. Every minute offline is lost revenue, lost visitors, and a worse experience for anyone who tries to reach you.

WP Vanguard checks your site every 5 minutes. When a check fails, you get an email within minutes -- before most of your customers even notice. When the site comes back up, you get a recovery email that tells you the total downtime duration so you know exactly how long you were offline.

On your site detail page, you will find a full uptime history: a 45-day colour-coded bar chart, availability percentages for the last 24 hours, 7 days, and 30 days, average response time, and a log of every recent check. Green for up, red for down.

The dashboard shows a 7-day uptime percentage for every site at a glance. Sites above 99% show green. Between 95% and 99% shows orange. Below 95% shows red. You can see the health of your entire portfolio in seconds without clicking into individual sites.

For most sites on reliable hosting, uptime monitoring runs silently in the background and you never hear from it. That is the goal. But when something does go wrong -- a server crash, a failed plugin update that breaks the site, a hosting provider outage -- you will know within minutes instead of hours.

SSL Certificate Expiry Monitoring

SSL certificates expire. Every certificate has a fixed validity period, and when it lapses, every visitor to your site immediately sees a browser warning: "Your connection is not private." Chrome, Firefox, and Safari all show this. It does not matter that your content is clean and your site is otherwise healthy -- visitors will click away, and many will not come back.

Let's Encrypt certificates expire every 90 days. Even if you have auto-renewal configured, renewal can fail silently. Hosting provider certificates expire annually and renewal notifications get buried in inboxes. The result is that SSL expiry is one of the most common causes of unexpected site downtime, and it is almost entirely preventable.

WP Vanguard checks your SSL certificate expiry daily. We alert you at three points:

The SSL card on your site detail page shows "OK" in green when you have more than 30 days remaining. It switches to orange with days remaining when you have between 14 and 30 days. It turns red when you are under 14 days. If your certificate has not been checked yet, it shows "--".

The goal is that you never reach the red stage. A 30-day warning is weeks of lead time for something that takes 10 minutes to fix.

Domain Name Expiry Monitoring

Expired domains are a different kind of disaster from expired SSL certificates. When a domain expires, your site goes offline entirely. But worse, if you do not renew quickly, the domain enters a redemption period and eventually becomes available for anyone to register. There is an active market of domain squatters who watch for expiring domains, particularly ones with established traffic and backlinks. Losing a domain you have built for years to a squatter is an outcome that is extremely painful and sometimes impossible to reverse.

The other issue is that domain renewals happen once a year or less, making them easy to forget. Auto-renewal relies on a payment method staying current. Registrar notification emails end up in spam. Domains expire.

WP Vanguard performs a daily WHOIS lookup on the domain for each of your sites. When the expiry date is approaching, we alert you:

Because WHOIS data availability varies by TLD and registrar, some domains will show "--" if the lookup could not retrieve expiry data. This most commonly happens with newer TLDs and some country-code domains where registrars restrict WHOIS access. For the vast majority of .com, .net, .org, and common TLD domains, WHOIS lookups work reliably.

Google Blacklist Monitoring

When Google Safe Browsing flags your site for malware, phishing, or unwanted software, the consequences are immediate and severe. Chrome, Firefox, and Safari all use the Safe Browsing database. Users see a full-screen red warning page before they can reach your site. The warning says things like "Deceptive site ahead" or "Site ahead contains harmful programs." Even technically-savvy users will not click through.

The traffic impact is almost instantaneous. A site that gets blacklisted typically sees search traffic drop 50% to 90% within 24 hours. The ranking damage persists even after you clean the malware and get delisted, because the manual action in Google Search Console affects your rankings while it is active.

Getting blacklisted usually means your site was already compromised -- infected with malware that was redirecting visitors, injecting spam links, or serving phishing pages. But you might not know your site was compromised until the blacklisting happens, because the malware is often designed to only activate for certain users (search traffic, first-time visitors) while showing clean pages to you when you log in.

WP Vanguard checks your site against Google Safe Browsing weekly. If your site is flagged, you get an alert email immediately with three next steps:

  1. Run a deep scan to identify the infected files
  2. Request a cleanup to remove the malware
  3. Submit a review request to Google Search Console after cleanup

The blacklist card on your site detail shows "Listed" in red if your site is flagged, or "Clean" in green if it is clear. Running a deep scan at the first sign of anything suspicious is the best way to catch malware before blacklisting happens.

Performance Score Tracking

Site speed is a ranking factor. Google has been explicit about this since the Core Web Vitals update, and PageSpeed Insights gives you the same score Google uses as part of its ranking signals. A site that was scoring 85 six months ago might be at 60 today after a few plugin updates and a new slideshow widget were added -- and you might not even notice until rankings start slipping.

Every Monday, WP Vanguard fetches a PageSpeed Insights mobile score for each of your sites. Mobile scoring is what matters for SEO because Google uses mobile-first indexing.

Score ranges follow Google's thresholds:

The performance card on your dashboard shows the current score out of 100 with a "PageSpeed mobile" label so you know exactly what it measures. The first weekly check will populate the score, and it updates every Monday after that.

You can also trigger an on-demand check any time by clicking "Check now" on the Performance card on your site detail page. This is useful after you have made changes you want to measure immediately -- new caching configuration, image optimisation, switching to a lighter theme.

The performance score is not a diagnosis tool; it is an early warning system. A sudden drop tells you something changed. From there you can use Google PageSpeed Insights directly, Query Monitor, or a profiling tool to dig into what caused it.

On-Demand Checks for Blacklist and Performance

Blacklist and performance checks run automatically on a weekly schedule to stay within Google API quotas. But you do not have to wait for the weekly run.

Both the Blacklist card and the Performance card on your site detail page have a "Check now" button. Click it and WP Vanguard runs the check immediately and updates the result. This is useful when:

SSL and domain checks also run daily automatically. If you need them on demand, let us know -- we can add that to a future update.

Why No Plugin Required

Every monitoring feature in this release works without installing anything on your WordPress site.

Uptime monitoring is an HTTP check from our servers -- we request your site URL every 5 minutes and check for a successful response. SSL and domain monitoring are external checks against your certificate and WHOIS records. Blacklist monitoring calls the Google Safe Browsing API with your URL. Performance monitoring calls the PageSpeed Insights API with your URL.

None of these require access to your WordPress admin, your database, or your file system. They work on any site -- WordPress or not -- as long as it has a URL.

Deep scans and cleanup still require SSH credentials, because reading files and running WP-CLI commands requires server access. But monitoring works on any site you can reach over HTTP.

This means you can use WP Vanguard's monitoring features for sites where you do not have SSH access, sites managed by a hosting provider who handles the server layer, or sites belonging to clients where you want monitoring coverage without the full security scan setup.

Why These Features Are Free

WP Vanguard's model is pay-per-use for the things that cost us significant compute resources: deep scans and malware cleanups. A deep scan involves running 20 SSH commands on a remote server, parsing the output, and running AI enrichment on the results. A cleanup involves hours of expert work. These have real costs, so they have real prices: $1 for a deep scan, $49 for a full cleanup.

Monitoring is different. Once the infrastructure is in place, the marginal cost per site is small. Uptime checks are lightweight HTTP requests. SSL and domain checks are network lookups. We can run these at scale without the per-site cost being significant.

We could have put monitoring behind a subscription and charged $10 or $15 a month for it, the way most monitoring tools do. But that would mean WordPress site owners go without monitoring not because they cannot afford it, but because they do not want another recurring bill for a service they need to set up and configure.

Our goal is to make the security baseline for WordPress as low-friction as possible. Add your site, monitoring starts. You do not think about it until something needs attention.

The pay-per-use model funds the server infrastructure and expert team for cleanups. Free monitoring is how we make the product worth keeping installed between incidents.

What This Means for Your Dashboard

The dashboard view for each site now shows four monitoring columns alongside the health score from your last scan:

Alert badges appear below the metrics when action is needed: "Blacklisted", "SSL expiring", "Domain expiring", or open issues from your last scan.

The intent is that you can look at your dashboard and immediately see which sites need attention and which are running cleanly. Green across the board means everything is fine. Any amber or red flag tells you where to look.

Putting It Together: The Full WP Vanguard Stack

With this update, WP Vanguard covers the two categories of problem that affect WordPress sites:

Security problems -- malware, backdoors, injected code, vulnerable plugins, infected databases. These require active scanning (quick scan or deep scan) to find. Once found, they need cleanup.

Operational problems -- site going down, certificate expiring, domain expiring, getting blacklisted, performance degrading. These require ongoing monitoring to catch before they affect your users.

The quick scan and deep scan remain the core of the security side. Run a scan if you have not done one recently -- the vulnerability database covers 38,000+ CVEs and the deep scan checks file integrity, database injections, user accounts, and cron jobs.

Monitoring is now the continuous layer that runs between scans. Together they cover the full picture of what goes wrong with WordPress sites.

Monitoring for Agencies and Hosting Providers

If you manage WordPress sites for clients or at scale, the monitoring features matter differently than they do for a single-site owner. When you are responsible for 20, 50, or 200 sites, the risk is not that you miss a single incident -- it is that you miss incidents across a portfolio because checking each site manually is impractical.

WP Vanguard's dashboard is designed for multi-site visibility. Every site card shows the four monitoring columns side by side: Health, Uptime, SSL, and Performance. You can scan your entire portfolio in a single view and immediately see which sites have problems. Red badges stand out. Green means clear. You do not need to click into each site individually to find out which ones need attention today.

For agencies, the email alerts are just as important as the dashboard. When a client site goes down at 2am, you get the email. When a client's SSL certificate is 7 days from expiry, you get the alert with enough time to renew it before the client notices. This means you can proactively resolve issues rather than reacting when a client calls to report a problem.

WP Vanguard also offers a Partner API for agencies and hosting providers who want to integrate scanning and monitoring into their own workflows or client dashboards. The API supports surface scans, deep scans, and site registration via REST endpoints. Partners can receive webhook notifications when scan results are available, making it straightforward to build monitoring dashboards on top of WP Vanguard's infrastructure without running the scanner yourself.

Common Questions

Does monitoring require installing a plugin on my site?

No. Uptime, SSL, domain, blacklist, and performance checks all work externally -- we check your site from our servers without installing anything on your site. Deep scans and cleanups require SSH access, but monitoring does not.

How quickly will I know if my site goes down?

Uptime checks run every 5 minutes. If your site fails a check, you get an email. If it fails a second consecutive check (confirming it is actually down, not a transient network issue), the down notification goes out. In practice, you will know within 5 to 10 minutes of an outage starting.

What happens if my site is behind Cloudflare or a CDN?

Uptime checks work normally for sites behind Cloudflare and other CDNs. We check the public URL, so Cloudflare's caching and routing are transparent to the check. SSL checks inspect the certificate served by Cloudflare (or your CDN), which is the certificate your visitors actually see.

Do performance checks count against my Google API quota?

PageSpeed Insights checks run once per week per site automatically. If you use the on-demand "Check now" button, that triggers an additional check. WP Vanguard uses a shared API key for performance checks, so there is no quota impact on your Google account.

Can I turn off alerts I do not need?

Not yet -- alert preferences are coming in a future update. Right now all five monitoring types send alerts automatically when thresholds are crossed. The alert volume is low by design: you only hear from us when something actually needs attention, not on every successful check.

Getting Started

If you already have sites in WP Vanguard, monitoring is already running. You do not need to do anything. Check your site detail pages to see the new monitoring cards with the current status of each check.

If you are not using WP Vanguard yet, you can add your site and the first quick scan is free. Monitoring starts immediately after you add the site -- no configuration, no plugin install.

If you have questions about any of the monitoring features, the monitoring documentation covers everything in detail: check frequencies, alert schedules, what the status indicators mean, and the full email alerts reference.

What Is Next

We are not stopping here. A few things we are working on:

Follow the roadmap to see what is in progress.

The monitoring update is live now. Add your site and see what turns up.

wordpress monitoring uptime ssl security performance

Related reading

Every Free WordPress Security Tool Inside WP Vanguard Guides

Every Free WordPress Security Tool Inside WP Vanguard

 WP Vanguard Partner API - Security Scanning for Agencies and Hosting Companies Announcements

WP Vanguard Partner API - Security Scanning for Agencies and Hosting Companies

 Introducing WP Vanguard - Free WordPress Security Scanner Announcements

Introducing WP Vanguard - Free WordPress Security Scanner

Check Your WordPress Site Security

Free scan, no login required. Find vulnerabilities before attackers do.

Scan Your Site Free

Get weekly WordPress security tips

Vulnerability alerts, plugin updates, and security guides. No spam. Unsubscribe any time.

WP Vanguard is built by Wbcom Designs, makers of Reign, Jetonomy, Listora, and more. Explore our WordPress products →
← Back to Blog