FAIR

Federated and Independent Repositories

Sentinel Trust Monitor

Plugin Banner

Sentinel Trust Monitor

by devmuse

Download
Description

Sentinel Trust Monitor helps you understand whether your installed WordPress plugins still deserve your trust.

It detects unexpected changes, explains what they mean, and helps you decide what to do without noise, nags, or unnecessary complexity.

Key features:

  • Detect unexpected plugin changes
  • Understand what changed and why it matters
  • Mark trusted exceptions for known premium, custom, or agency-built plugins
  • Keep scan history local and private
  • Schedule local scans and optional admin email alerts

Privacy

Sentinel Trust Monitor 0.9.1 is local-first.

The tool stores scan history, metadata, trust scores, events, and settings in the local WordPress database.

Sentinel Trust Monitor does not collect visitor data, customer data, form submissions, post content, order data, or personal content.

Sentinel Trust Monitor does not send data to a devmuse service in this version.

When checking WordPress.org information, the tool may use standard WordPress.org metadata and update information for public repository extensions.

  1. Upload the files to the /wp-content/plugins/sentinel-trust-monitor directory, or install the zip through the WordPress Plugins screen.
  2. Activate Sentinel Trust Monitor through the Plugins screen.
  3. Go to Tools Sentinel Trust Monitor.
  4. Run your first local scan.
  1. Dashboard with trust score and highest-risk items.

    Dashboard with trust score and highest-risk items.

  2. Detail view with verdict, flags, event timeline, and score history.

    Detail view with verdict, flags, event timeline, and score history.

  3. Settings panel for scheduled scans and email alerts.

    Settings panel for scheduled scans and email alerts.

Does Sentinel Trust Monitor send my site data to devmuse or an external service?

No. This version is local-first and does not send data to a devmuse service.

Does it use WordPress.org data?

Yes, where available. Sentinel Trust Monitor may use normal WordPress.org metadata and update information for public repository extensions. This is similar to data WordPress already uses for update checks.

Is this a security plugin?

No. Sentinel Trust Monitor is a trust and change visibility layer. It does not replace a firewall, malware scanner, backup system, or security monitoring service.

Why would files change without a version update?

Possible reasons include manual edits, deployments, host-level changes, failed updates, or unauthorised modification. Sentinel Trust Monitor treats this as worth reviewing because normal updates usually change the version as well.

What about premium or custom extensions?

Premium, custom, bundled, or private extensions may not appear on WordPress.org. Sentinel Trust Monitor treats that as a review signal, not proof of danger.

Can I delete Sentinel Trust Monitor data?

Yes. Use the Clear Scan History control in the settings area. You can also choose to remove Sentinel Trust Monitor data on uninstall.

1.0.4

  • Checker-cleanup build for submission.
  • Removed unused Domain Path header.
  • Tightened custom-table schema upgrade escaping/comments.
  • Added clearer nonce-ignore comments for read-only admin notices.

1.0.3

  • Removed duplicate data/privacy controls.
  • Kept uninstall data deletion only in the dedicated Data & Privacy section.
  • Simplified trusted exception presentation to reduce repeated messaging.
  • Tidied dashboard settings layout.

0.9.6

  • Added per-item trusted exceptions.
  • Added Mark as Trusted / Remove Trusted Status action on detail views.
  • Trusted exceptions reduce dashboard and email alert noise while preserving scores, flags, and event history.
  • Added trusted exception badges in dashboard and inventory views.
  • Added manual scan error handling with admin feedback.
  • Added first-scan baseline messaging.
  • Renamed cleanup section to Data & Privacy.
  • Updated database schema for trusted exception metadata.

0.9.4

  • Fixed change-detection dashboard ordering so latest scan verdict cards populate correctly.
  • Added safer manual scan error handling.
  • Avoided repeated table installation checks on every scan unless the database version is missing or outdated.
  • Confirmed package naming remains aligned to sentinel-trust-monitor.

0.9.3

  • Restored and clarified the delete-all-data-on-uninstall setting.
  • Added a dedicated data controls panel.
  • Improved data retention wording in the dashboard.

0.9.2

  • Fixed scanner parse error introduced during repo-checker cleanup.
  • Package, folder, and main plugin file now consistently use the sentinel-trust-monitor slug.

0.9.1

  • Repo-checker cleanup package.
  • Renamed public repository package to Sentinel Trust Monitor to avoid restricted-name warnings.
  • Updated Tested up to value.
  • Added languages directory.
  • Added translator comments for placeholder strings.
  • Removed dynamic placeholder interpolation from scheduled email query.
  • Added explicit comments for intentional custom-table database operations.

0.9.0

  • Release-candidate repo-ready package.
  • Added improved first-run onboarding.
  • Added clear scan history control.
  • Added optional data removal on uninstall.
  • Added fuller WordPress.org readme, FAQ, and privacy wording.
  • Added plugin header metadata for repository packaging.
  • Added GPL license file.
  • General hardening and wording pass.

0.8.1

  • Added human-readable verdict system: Safe, Review, Attention.
  • Added “why this matters” and suggested action guidance.
  • Improved change interpretation so normal updates are not treated as suspicious file changes.
  • Added detail-view verdict panel.
  • Added verdict column to the highest-risk table.
  • Reduced raw change noise by highlighting unexpected file changes only when the version did not change.

0.8.0

  • Added individual detail view.
  • Added current risk flag explanations.
  • Added item-specific event timeline.
  • Added score history table.
  • Polished wording around unknown/premium/custom items.
  • Added privacy wording for local-first behaviour.

0.7.0

  • Added settings panel.
  • Added WP-Cron scheduled scans.
  • Added daily, twice weekly, weekly, and disabled scan frequency options.
  • Added optional admin email alerts.
  • Added alert threshold settings.
  • Added next scheduled scan display.

0.6.0

  • Added clearer change detection for the latest scan.
  • Added score-drop events.
  • Added activation status change events.
  • Added “What Changed Since Last Scan” dashboard panel.
  • Reduced repeated risk events by recording newly appearing serious flags only.

0.5.0

  • Added Sentinel column to the installed extensions screen.

0.4.0

  • Added WordPress.org intelligence.

0.3.0

  • Added local trust scoring engine.
  • Added status bands: Healthy, Watch, Review, Risky.
  • Added highest-risk dashboard panel.
  • Added recent local signals timeline.
  • Improved dashboard styling.

0.2.0

  • Added local scanner and database snapshots.

0.1.0

  • Initial dashboard shell and activation tables.
Back to top