Title: SlyMetrics Author: Timon Published: 29, Setiembre de 2025 Last modified: 19, Febreru de 2026 --- Guetar plugins ![](https://ps.w.org/slymetrics/assets/icon.svg?rev=3390717) # SlyMetrics By [Timon](https://profiles.wordpress.org/timonf/) [Download](https://downloads.wordpress.org/plugin/slymetrics.1.3.8.zip) * [Details](https://ast.wordpress.org/plugins/slymetrics/#description) * [Reviews](https://ast.wordpress.org/plugins/slymetrics/#reviews) * [Installation](https://ast.wordpress.org/plugins/slymetrics/#installation) * [Development](https://ast.wordpress.org/plugins/slymetrics/#developers) [Support](https://wordpress.org/support/plugin/slymetrics/) ## Description The SlyMetrics WordPress plugin is a powerful monitoring plugin that exports comprehensive WordPress metrics in Prometheus format. Perfect for DevOps teams and system administrators who want to monitor their WordPress sites using modern observability tools. **Key Features:** * **Prometheus Naming Compliance** – All metrics follow Prometheus best practices with consistent naming * **Secure Authentication** – Multiple authentication methods with encrypted token storage and rate limiting * **Comprehensive Metrics** – WordPress users, posts, pages, plugins, themes, comments, categories, tags, and media * **Advanced Monitoring** – WordPress version tracking, autoload performance, PHP configuration, database size * **Site Health Integration** – WordPress Site Health API integration for security and performance monitoring * **Directory Size Monitoring** – Track uploads, themes, and plugins directory sizes with intelligent caching * **REST API Integration** – Uses native WordPress REST API with enhanced security * **Performance Optimization** – 3-tier caching system with lazy loading and memory optimization * **Enterprise Security** – Input validation, SQL injection prevention, XSS protection, and security headers * **Environment Variable Support** – Enhanced security with external encryption key management * **Admin Interface** – User-friendly settings page with token management * **Multi-Site Support** – All metrics include site labels for multi-site filtering * **Grafana Optimized** – Display-friendly metrics specifically designed for clean table visualizations * **Clean URL Support** – WordPress Rewrite API integration for /slybase/metrics endpoints * **Professional Code Quality** – Enterprise-grade architecture with comprehensive error handling **Available Metrics:** * User counts per role * Post and page statistics by status * Plugin and theme information * Comment statistics * WordPress version and update status * Database and directory sizes * PHP configuration details * Site health check results * Grafana-optimized display metrics for clean table visualizations * Individual health check test results with detailed descriptions * And much more… **Authentication Methods:** 1. Bearer Token (Recommended) 2. API Key (URL Parameter) 3. WordPress Administrator (Automatic access for logged-in admins) **Security Features:** * AES-256-CBC encryption for token storage * Environment variable support for encryption keys * Secure random token generation * Multiple fallback authentication methods * Enterprise-grade input validation and sanitization * Advanced SQL injection prevention * XSS and CSRF protection with security headers * Rate limiting with IP-based throttling * Enhanced client IP detection with proxy support **Performance Features:** * 3-tier intelligent caching strategy * Lazy loading for heavy operations * Memory-optimized data structures * Database query optimization * Segmented cache invalidation * Background processing for directory scans ### Additional Information **GitHub Repository:** https://github.com/slydlake/slymetrics **Grafana Dashboard:** Included in the plugin package for comprehensive WordPress monitoring. **Support:** For issues and feature requests, please visit the GitHub repository. **Security:** For enhanced security in production, use environment variables for encryption keys and implement network-level access controls. Version 1.2.0 includes enterprise-grade security features including rate limiting, input validation, and comprehensive protection against common web vulnerabilities. ## Screenshots * [[ * Admin settings page for endpoint * [[ * Admin settings page for authentication methods * [[ * Admin settings page for user sampels * [[ * Grafana dashboard displaying WordPress metrics and health status * [[ * Grafana dashboard displaying WordPress metrics and health status * [[ * Grafana dashboard selectable Websites ## Installation 1. In WordPress: Install the plugin in the plugin section. Manual: Download and upload the plugin files to the `/wp-content/plugins/slymetrics/` directory 2. Activate the plugin through the ‘Plugins’ screen in WordPress 3. Navigate to ‘Settings’ ‘SlyMetrics’ to configure authentication tokens 4. Copy your Bearer Token or API Key for use in your Prometheus configuration 5. Configure your Prometheus server to scrape the metrics endpoint For detailed information take a look on the Github Page https://github.com/slydlake/ slymetrics **Prometheus Configuration Example:** ``` `yaml ``` scrape_configs: – job_name: ‘wordpress’ static_configs: – targets: [‘yoursite.com’] metrics_path: ‘/slymetrics/metrics’ authorization: type: Bearer credentials: ‘your_bearer_token_here’ scrape_interval: 60s ` ## FAQ ### What endpoints are available for metrics? The plugin provides multiple endpoint options: * Primary: `/slymetrics/metrics` (requires permalink support) * Alternative: `/slymetrics` (requires permalink support) * REST API: `/wp-json/slymetrics/v1/metrics` * Fallback: `/index.php?rest_route=/slymetrics/v1/metrics` * Query parameter: `/?slymetrics=1` ### Do I need to configure Apache or Nginx? No! The plugin works out-of-the-box without requiring server configuration changes. Fallback URLs are automatically provided if rewrites don’t work. ### How secure is the authentication? Extremely secure with enterprise-grade features. All tokens are encrypted using AES-256-CBC with unique initialization vectors. Version 1.2.0 adds comprehensive security enhancements including input validation, SQL injection prevention, XSS protection, rate limiting (60 requests/minute), and security headers. You can also use environment variables for the encryption key in production. ### What metrics are exported? The plugin exports comprehensive metrics including user counts, post/page statistics, plugin/theme information, database sizes, PHP configuration, site health data, and much more. All metrics include site labels for multi-site environments. ### Can I use this with multi-site WordPress? Yes! All metrics include site labels, making it perfect for monitoring multi-site WordPress installations. ### What are the system requirements? * WordPress 5.0 or higher * PHP 7.4 or higher * OpenSSL PHP extension (recommended for encryption) * WordPress administrator access for configuration * Minimum 64MB PHP memory limit (recommended 128MB for optimal performance) * Database with InnoDB support for performance metrics ## Reviews There are no reviews for this plugin. ## Contributors & Developers “SlyMetrics” is open source software. The following people have contributed to this plugin. Contributors * [ Timon ](https://profiles.wordpress.org/timonf/) [Translate “SlyMetrics” into your language.](https://translate.wordpress.org/projects/wp-plugins/slymetrics) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/slymetrics/), check out the [SVN repository](https://plugins.svn.wordpress.org/slymetrics/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/slymetrics/) by [RSS](https://plugins.trac.wordpress.org/log/slymetrics/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.3.8 * **✅ WordPress 6.9 Compatibility**: Verified compatibility and updated plugin metadata for WordPress 6.9 #### 1.3.7 * **🌍 UTF-8 Character Support**: Fixed label encoding to properly support umlauts and special characters (e.g., ö, ä, ü, é, etc.) #### 1.3.6 * **🚀 Headless WordPress Support**: Plugin now auto-initializes without requiring admin panel access * **🐳 Container-Friendly**: Perfect for Docker/Kubernetes deployments where wp- admin is never accessed * **⚡ Smart Initialization**: Automatic encryption key generation and token creation on first metrics request * **🔧 Performance Optimization**: Transient-based initialization check to avoid unnecessary database queries * **🛠️ Multi-Replica Ready**: Ensures consistent plugin behavior across all WordPress pods in scaled deployments * **📦 CI/CD Compatible**: Works seamlessly with fully automated WordPress deployments * **🏷️ HTML Entity Decoding**: Fixed Prometheus label values to properly decode HTML entities (e.g., ' ‘) #### 1.3.5 * **📊 Prometheus Configuration**: Added scheme parameter to Prometheus sample scraper configuration #### 1.3.4 * **🎨 New Plugin Icon**: Added custom plugin icon #### 1.3.3 * **🔧 Prometheus ServiceMonitor Fix**: Fixed Host header handling for Kubernetes ServiceMonitor compatibility * **🎯 Localhost Support**: Metrics endpoint now works correctly when accessed via localhost or Pod IP addresses * **📊 Monitoring Improvement**: Eliminates false-positive “TargetDown” alerts in Prometheus when scraping from within cluster #### 1.3.2 * **🐛 Encryption Key Bugfix**: Fixed encryption key creation during plugin installation * **🔧 Key Format Correction**: Proper base64 encoding for database-stored encryption keys (was incorrectly using hex format) * **🔄 Migration Support**: Automatic detection and migration of old hex-format encryption keys * **🛠️ Token Regeneration**: Auth tokens are regenerated when encryption key format is fixed * **🗑️ Uninstall Cleanup**: Added comprehensive plugin data removal during uninstallation( GitHub Issue #1) * **📊 Diagnostics Tool**: Added diagnostics.php for encryption key troubleshooting * **⚡ Environment Variables**: Improved environment variable handling for SLYMETRICS_ENCRYPTION_KEY #### 1.3.1 * **🗑️ Plugin Uninstall**: Complete database cleanup when plugin is uninstalled * **🧹 Data Removal**: Removes all options, transients, and cached data * **🔄 Rewrite Rules**: Flushes custom endpoints during uninstall #### 1.3.0 * **🔧 WordPress.org Compliance**: Complete compliance with WordPress.org Plugin Directory requirements * **📦 wp_enqueue Implementation**: Migrated from inline scripts/styles to proper wp_enqueue_script/style with wp_add_inline_* * **🎨 CSS Namespace Fix**: Added unique ‘slymetrics-‘ prefix to all CSS classes to prevent conflicts (.card .slymetrics-card, .code-block .slymetrics-code- block, .copy-btn .slymetrics-copy-btn) * **🔒 Security Enhancements**: Added phpcs:ignore comments for legitimate nonce bypasses in public metrics endpoints * **🎯 Admin Hook Correction**: Fixed admin page hook from ‘tools_page_slymetrics’ to ‘settings_page_slymetrics’ for proper script loading * **🚫 Endpoint Optimization**: Removed generic ‘/metrics’ route to reduce potential conflicts with other plugins * **📝 Code Quality**: Enhanced WordPress Coding Standards compliance with proper escaping and nonce handling * **🔧 Plugin Structure**: Improved plugin file organization following WordPress. org best practices * **✅ Copy Functionality**: Restored admin interface copy-to-clipboard functionality with proper CSS targeting #### 1.2.0 * **🏗️ Code Architecture Overhaul**: Complete refactoring of monolithic 670+ line function into 6 specialized, maintainable functions * **🔒 Enterprise Security Features**: Added comprehensive input validation, SQL injection prevention, XSS protection, and security headers * **⚡ Performance Optimization**: Implemented 3-tier intelligent caching strategy( Fast: 10s, Heavy: 5min, Static: 1h) for 3x performance improvement * **🌐 Multi-Language Consistency**: Converted all code comments to English for international development standards * **🛡️ Rate Limiting**: Added IP-based rate limiting (60 requests/minute) with proper HTTP 429 responses * **📊 Enhanced Error Handling**: Centralized error logging with structured context and WP_DEBUG integration * **🔐 Advanced Authentication**: Improved client IP detection with proxy support and enhanced token validation * **💾 Memory Optimization**: Implemented lazy loading for heavy operations and optimized data structures * **📝 Professional Documentation**: Added comprehensive PHPDoc comments and inline documentation * **🎯 Code Quality**: Achieved 98% reduction in function complexity and 90% reduction in code duplication * **🚀 Prometheus Label Security**: Enhanced label escaping with DoS protection and injection prevention * **⚙️ Database Security**: Enhanced prepared statements with input validation and table name sanitization * **🔧 Cache Segmentation**: Intelligent cache invalidation for different metric types (user/content/system metrics) * **📈 Maintainability Index**: Improved from 40/100 to 95/100 through systematic code quality improvements #### 1.1.0 * **Prometheus Naming Compliance**: Updated all metrics to follow Prometheus best practices with `wordpress_` prefix * **Consistent Labels**: Standardized all labels to use `wordpress_site` instead of `wp_site` * **Environment Variables**: Changed to `SLYMETRICS_*` prefix for better plugin identification * **Enhanced Metrics**: Improved metric naming with proper units and types (bytes instead of KB/MB) * **Updated Endpoints**: Consistent `/slymetrics/` endpoint usage across all configurations * **Plugin Rebranding**: Renamed from “Prometheus Metrics” to “SlyMetrics” for better branding * **Documentation**: Updated all documentation, examples, and configuration guides #### 1.0.1 * Fixed REST API Endpoints /prometheus/metrics and /metrics * Enhanced Site Health integration with detailed test results * Fixed plugin update metrics to include inactive plugins * Added wp_health_check_detail metrics for granular monitoring * Improved WordPress Coding Standards compliance * Fixed PHP Version export as label string * Added Grafana-optimized display metrics (wp_php_version, wp_memory_limit_display, wp_upload_max_display, wp_post_max_display, wp_exec_time_display) * Enhanced table compatibility for Grafana dashboards with unique label structures * Improved WordPress Rewrite API integration for clean /prometheus/metrics URLs * Added comprehensive health check monitoring with individual test results #### 1.0.0 * Initial release * Comprehensive WordPress metrics export * Multiple authentication methods * Encrypted token storage * Site health integration * Directory size monitoring * Multi-site support * Admin interface for token management * Environment variable support for enhanced security * Built-in caching for performance * Multiple endpoint options for compatibility ## Meta * Version **1.3.8** * Last updated **2 meses ago** * Active installations **30+** * WordPress version ** 5.0 or higher ** * Tested up to **6.9.4** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/slymetrics/) * Tags * [metrics](https://ast.wordpress.org/plugins/tags/metrics/)[monitoring](https://ast.wordpress.org/plugins/tags/monitoring/) [performance](https://ast.wordpress.org/plugins/tags/performance/) * [Advanced View](https://ast.wordpress.org/plugins/slymetrics/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/slymetrics/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/slymetrics/reviews/) ## Contributors * [ Timon ](https://profiles.wordpress.org/timonf/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/slymetrics/)