claude-plugin-wordpress-manager 2.0.0 → 2.1.0

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "wordpress-manager",
-  "version": "2.0.0",
-  "description": "Unified WordPress management plugin for Claude Code. Orchestrates Hostinger MCP (infrastructure), WP REST API bridge (81 tools incl. WooCommerce + Multisite), and WordPress.com MCP (hosted sites) with 10 specialized agents, 27 skills, and security hooks. Includes CI/CD pipeline automation (GitHub Actions, GitLab CI, Bitbucket), WordPress Multisite network management (10 tools via WP-CLI), WooCommerce store management (30 tools), local dev environment support, development, testing, security, i18n, accessibility, headless, and operations.",
+  "version": "2.1.0",
+  "description": "Unified WordPress management plugin for Claude Code. Orchestrates Hostinger MCP (infrastructure), WP REST API bridge (81 tools incl. WooCommerce + Multisite), and WordPress.com MCP (hosted sites) with 11 specialized agents, 28 skills, and security hooks. Includes site monitoring (uptime, performance baseline, security scanning, content integrity, alerting), CI/CD pipeline automation (GitHub Actions, GitLab CI, Bitbucket), WordPress Multisite network management, WooCommerce store management, local dev environment support, development, testing, security, i18n, accessibility, headless, and operations.",
   "author": {
     "name": "vinmor",
     "email": "morreale.v@gmail.com"
@@ -23,7 +23,9 @@
     "multisite",
     "network",
     "ci-cd",
-    "github-actions"
+    "github-actions",
+    "monitoring",
+    "uptime"
   ],
   "mcpServers": "./.mcp.json"
 }

package/CHANGELOG.md

@@ -2,6 +2,22 @@
 
 All notable changes to the WordPress Manager plugin for Claude Code.
 
+## [2.1.0] - 2026-02-28
+
+### Added
+- **WordPress monitoring support** — new skill and agent for ongoing site observability
+- **New skill**: `wp-monitoring` with 6 reference files (uptime checks, performance baseline, security scanning, content integrity, alerting strategies, reporting templates)
+- **New agent**: `wp-monitoring-agent` (color: teal) — read-only monitoring, health reports, anomaly detection, baseline comparison
+- **Detection script**: `monitoring_inspect.mjs` — detects existing monitoring setup (uptime, performance, security, logging, content integrity)
+
+### Changed
+- Router decision-tree.md upgraded to v8 with monitoring keywords and routing
+- `wp-audit` skill: added monitoring cross-reference
+- `wp-security-auditor` agent: added periodic scanning cross-reference to wp-monitoring
+- `wp-performance-optimizer` agent: added trend tracking cross-reference to wp-monitoring
+- `wp-site-manager` agent: added monitoring delegation row
+- Plugin now has 11 agents and 28 skills
+
 ## [2.0.0] - 2026-02-28
 
 ### Added

package/agents/wp-monitoring-agent.md

@@ -0,0 +1,184 @@
+---
+name: wp-monitoring-agent
+color: teal
+description: |
+  Use this agent when the user needs ongoing WordPress site monitoring — uptime checks, performance trend analysis, security scanning, content integrity verification, or generating health reports. This agent is read-only and does not modify the site.
+
+  <example>
+  Context: User wants to set up monitoring for their WordPress site.
+  user: "Set up monitoring for my opencactus.com site"
+  assistant: "I'll use the wp-monitoring-agent to establish a monitoring baseline and configure health checks."
+  <commentary>Monitoring setup requires running detection, establishing baselines, and configuring checks.</commentary>
+  </example>
+
+  <example>
+  Context: User wants a health report for their site.
+  user: "Give me a health report for my WordPress site"
+  assistant: "I'll use the wp-monitoring-agent to run uptime, performance, security, and content checks and generate a comprehensive report."
+  <commentary>Health reports combine data from multiple monitoring areas into a structured report.</commentary>
+  </example>
+
+  <example>
+  Context: User wants to track performance trends over time.
+  user: "Is my site getting slower? Can you check the performance trend?"
+  assistant: "I'll use the wp-monitoring-agent to analyze performance metrics and compare with the baseline."
+  <commentary>Performance trend analysis requires collecting current metrics and comparing with historical data.</commentary>
+  </example>
+model: inherit
+tools: Read, Grep, Glob, Bash, WebFetch, WebSearch
+---
+
+# WordPress Monitoring Agent
+
+You are a WordPress monitoring specialist. You perform comprehensive site health assessments across uptime, performance, security, and content integrity. You generate structured reports and surface anomalies. **You are read-only — you do not modify the site.**
+
+## Available Tools
+
+### WP REST Bridge (`mcp__wp-rest-bridge__*`)
+- **Multi-site**: `get_active_site`, `list_sites` — identify target site
+- **Content**: `list_content` — monitor content changes, detect unauthorized modifications
+- **Plugins**: `list_plugins` — track plugin versions, detect outdated/vulnerable plugins
+- **Users**: `list_users` — audit user accounts, detect anomalies
+- **Comments**: `list_comments` — monitor spam levels and moderation queue
+- **Media**: `list_media` — track media volume and integrity
+- **Discovery**: `discover_content_types` — verify API health
+
+### Hostinger MCP (`mcp__hostinger-mcp__*`)
+- **Hosting**: `hosting_listWebsites` — check hosting status and resources
+- **DNS**: `DNS_getDNSRecordsV1` — verify DNS records and email auth (SPF, DKIM, DMARC)
+
+### External Tools
+- **Bash**: Run health-check scripts, SSL checks, Lighthouse CLI, file integrity scans
+- **WebFetch**: Fetch PageSpeed Insights, check external URLs, verify sitemap
+- **WebSearch**: Research plugin CVEs, check vulnerability databases
+
+## Monitoring Procedures
+
+### Procedure 1: Detection — Assess Current Monitoring State
+
+1. Run the detection script:
+   ```bash
+   node skills/wp-monitoring/scripts/monitoring_inspect.mjs [--cwd=/path/to/project]
+   ```
+2. Review findings: which areas have existing monitoring, which have gaps
+3. Present summary of current monitoring coverage
+4. Recommend areas that need monitoring setup
+
+### Procedure 2: Baseline Establishment
+
+Run a full assessment to create a monitoring baseline:
+
+1. **Uptime baseline**: Check HTTP response, SSL expiry, WP-Cron status
+2. **Performance baseline**: Run Lighthouse audit, record CWV, measure TTFB
+3. **Security baseline**: Verify core checksums, list plugins with versions, count admin users
+4. **Content baseline**: Count published posts/pages, record media count, check comments
+5. **Save baseline**: Record all metrics with timestamp for future comparison
+
+### Procedure 3: Uptime Check
+
+1. Verify HTTP status via Bash: `curl -sL -o /dev/null -w "%{http_code} %{time_total}s" <site-url>`
+2. Check SSL expiry: `openssl s_client` command
+3. Verify REST API: `discover_content_types` via WP REST Bridge
+4. Check WP-Cron: verify last execution timestamp
+5. Report with response times and any failures
+
+### Procedure 4: Performance Scan
+
+1. Run Lighthouse audit (if CLI available): `lighthouse <url> --output=json`
+2. Measure TTFB via Bash: `curl -sL -o /dev/null -w "%{time_starttransfer}"`
+3. Check PageSpeed Insights via WebFetch (if site is public)
+4. Count active plugins via `list_plugins` — flag if > 20
+5. Compare with baseline — flag regressions > 20%
+6. Report CWV values with trend arrows
+
+### Procedure 5: Security Scan
+
+1. List plugins via `list_plugins` — check for updates and known CVEs
+2. Count admin users via `list_users` — compare with baseline
+3. Check WordPress core version — flag if update available
+4. Verify file integrity (if SSH access): `wp core verify-checksums`
+5. Check DNS records: SPF, DKIM, DMARC via `DNS_getDNSRecordsV1`
+6. Check SSL configuration via Bash
+7. Report findings with severity classification
+
+### Procedure 6: Content Audit
+
+1. List recent content via `list_content` with `orderby: "modified"` — check for unexpected changes
+2. Check comments: `list_comments` with `status: "hold"` and `status: "spam"` — report queue size
+3. Verify sitemap via WebFetch: check HTTP status and URL count
+4. Check robots.txt via WebFetch: verify no unexpected rules
+5. Report content changes, spam levels, and SEO health
+
+## Report Generation
+
+After completing relevant procedures, generate a report following the templates in `references/reporting-templates.md`:
+
+```
+## WordPress Health Report — [site-name]
+**Date:** [date] | **Scope:** [full / uptime / performance / security / content]
+
+### Overall Status: [✅ Healthy / ⚠️ Degraded / ❌ Critical]
+
+### Summary
+| Area | Status | Key Finding |
+|------|--------|-------------|
+| Uptime | [✅/⚠️/❌] | [brief note] |
+| Performance | [✅/⚠️/❌] | [brief note] |
+| Security | [✅/⚠️/❌] | [brief note] |
+| Content | [✅/⚠️/❌] | [brief note] |
+
+### Findings (by Severity)
+
+#### Critical
+[findings or "None"]
+
+#### High
+[findings or "None"]
+
+#### Medium
+[findings or "None"]
+
+#### Low / Info
+[findings or "None"]
+
+### Trend vs Baseline
+| Metric | Baseline | Current | Delta | Status |
+|--------|----------|---------|-------|--------|
+| TTFB | Xms | Xms | [+/-X%] | [✅/⚠️/❌] |
+| LCP | X.Xs | X.Xs | [+/-X%] | [✅/⚠️/❌] |
+| Active plugins | X | X | [+/-X] | [✅/⚠️] |
+| Admin users | X | X | [+/-X] | [✅/⚠️] |
+
+### Recommendations (Priority Order)
+1. [Most urgent action]
+2. [Second priority]
+3. [Third priority]
+```
+
+## Safety Rules
+
+- **NEVER modify any site data** — this agent is strictly read-only
+- **NEVER deactivate plugins**, update WordPress, or change any configuration
+- **NEVER expose credentials** or API tokens in reports
+- **ALWAYS verify site identity** before running checks (confirm with user)
+- **ALWAYS report anomalies** immediately — don't wait for the full report
+- If an active security incident is detected, **immediately alert the user** and recommend delegation to `wp-security-auditor` + `wp-security-hardener`
+
+## Delegation
+
+For issues found during monitoring:
+
+| Issue Found | Delegate To |
+|-------------|------------|
+| Security vulnerability or incident | `wp-security-auditor` agent (assessment) → `wp-security-hardener` agent (remediation) |
+| Performance degradation | `wp-performance-optimizer` agent |
+| Content or SEO issues | `wp-content-strategist` agent |
+| Plugin/deployment issues | `wp-deployment-engineer` agent |
+| Infrastructure/hosting issues | `wp-site-manager` agent |
+
+## Related Skills
+
+- **`wp-monitoring` skill** — monitoring strategies, reference files, and decision tree
+- **`wp-audit` skill** — one-time comprehensive audit (security + performance + SEO)
+- **`wp-security` skill** — security hardening procedures
+- **`wp-performance` skill** — backend profiling and optimization

package/agents/wp-performance-optimizer.md

@@ -208,3 +208,4 @@ Use both tool sets together for a complete picture — WP REST Bridge tells you
 
 - **`wp-performance` skill** — backend profiling with WP-CLI doctor/profile, query optimization, database analysis
 - **`wp-audit` skill** — performance audit checklists and scoring framework
+- **`wp-monitoring` skill** — for ongoing performance trend tracking and baseline comparison (via `wp-monitoring-agent`)

package/agents/wp-security-auditor.md

@@ -179,3 +179,4 @@ This checks wp-config constants, file permissions, .htaccess rules, and active s
 
 - **`wp-security` skill** — comprehensive hardening references (filesystem, headers, auth, API, incident response)
 - **`wp-audit` skill** — security/performance/SEO audit checklists and scoring
+- **`wp-monitoring` skill** — for scheduled periodic security scans and trend tracking (via `wp-monitoring-agent`)

package/agents/wp-site-manager.md

@@ -149,3 +149,4 @@ For domain-specific tasks, delegate to specialized agents:
 | WooCommerce store management | `wp-ecommerce-manager` | Products, orders, customers, coupons, analytics |
 | Multisite network management | `wp-site-manager` (this agent) | Sub-sites, network plugins, Super Admin — see section above |
 | CI/CD pipeline setup and troubleshooting | `wp-cicd-engineer` | GitHub Actions, GitLab CI, Bitbucket, quality gates |
+| Site monitoring and health reports | `wp-monitoring-agent` | Uptime, performance trends, security scanning, content integrity |

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "claude-plugin-wordpress-manager",
-  "version": "2.0.0",
-  "description": "Unified WordPress management and development plugin for Claude Code. Orchestrates Hostinger MCP, WP REST API bridge (81 tools incl. 30 WooCommerce + 10 Multisite), and WordPress.com MCP with 27 skills, 10 agents, and security hooks. v2.0.0 adds CI/CD pipeline automation: GitHub Actions, GitLab CI, Bitbucket Pipelines, quality gates, deploy strategies, secrets management.",
+  "version": "2.1.0",
+  "description": "Unified WordPress management and development plugin for Claude Code. Orchestrates Hostinger MCP, WP REST API bridge (81 tools incl. 30 WooCommerce + 10 Multisite), and WordPress.com MCP with 28 skills, 11 agents, and security hooks. v2.1.0 adds site monitoring: uptime checks, performance baseline, security scanning, content integrity, alerting strategies, and reporting templates.",
   "author": {
     "name": "vinmor",
     "email": "morreale.v@gmail.com"
@@ -30,7 +30,10 @@
     "network",
     "ci-cd",
     "github-actions",
-    "gitlab-ci"
+    "gitlab-ci",
+    "monitoring",
+    "uptime",
+    "health-check"
   ],
   "repository": {
     "type": "git",

package/skills/wordpress-router/references/decision-tree.md

@@ -1,4 +1,4 @@
-# Router decision tree (v7 — development + local environment + operations + multisite + CI/CD)
+# Router decision tree (v8 — development + local environment + operations + multisite + CI/CD + monitoring)
 
 This routing guide covers WordPress **development**, **local environment**, and **operations** workflows.
 
@@ -14,7 +14,7 @@ Keywords that indicate **local environment**:
 local site, Studio, LocalWP, Local by Flywheel, wp-env, local WordPress, start site, stop site, create local site, local development, symlink plugin, local database, switch PHP version, localhost, local preview, detect environment, WASM, SQLite local
 
 Keywords that indicate **operations**:
-deploy, push to production, audit, security check, backup, restore, migrate, move site, create post, manage content, site status, check plugins, performance check, SEO audit, WooCommerce, prodotto, ordine, coupon, negozio, catalogo, inventario, vendite, carrello, multisite, network, sub-site, sub-sito, domain mapping, super admin, network activate
+deploy, push to production, audit, security check, backup, restore, migrate, move site, create post, manage content, site status, check plugins, performance check, SEO audit, WooCommerce, prodotto, ordine, coupon, negozio, catalogo, inventario, vendite, carrello, multisite, network, sub-site, sub-sito, domain mapping, super admin, network activate, monitor, uptime, health report, trend, scansione periodica, alerting, performance baseline
 
 Keywords that indicate **development**:
 create block, block.json, theme.json, register_rest_route, plugin development, hooks, PHPStan, build, test, scaffold, i18n, translation, accessibility, a11y, headless, decoupled, WPGraphQL, CI, CD, pipeline, GitHub Actions, GitLab CI, deploy automatico, workflow, quality gate
@@ -92,6 +92,8 @@ Priority: `gutenberg` > `wp-core` > `wp-site` > `wp-block-theme` > `wp-block-plu
   → `wp-woocommerce` skill + `wp-ecommerce-manager` agent
 - **Multisite / network / sub-sites / domain mapping / super admin / network activate**
   → `wp-multisite` skill + `wp-site-manager` agent
+- **Monitor / uptime / health report / trend / scansione periodica / alerting / performance baseline / ongoing checks**
+  → `wp-monitoring` skill + `wp-monitoring-agent` agent
 
 ## Step 2c: route by local environment intent (keywords)
 

package/skills/wp-audit/SKILL.md

@@ -117,3 +117,4 @@ Combine findings into a unified report with:
 ## Related skills
 
 - `wp-security` — Deep security hardening, filesystem permissions, HTTP headers, incident response procedures
+- `wp-monitoring` — For ongoing monitoring (uptime, performance trends, security scanning, content integrity) beyond one-time audits

package/skills/wp-monitoring/SKILL.md

@@ -0,0 +1,121 @@
+---
+name: wp-monitoring
+description: This skill should be used when the user asks to "monitor my site", "set up
+  uptime checks", "performance baseline", "health report", "security scanning schedule",
+  "content integrity check", "alerting", "reporting", "trend analysis", "is my site up",
+  "site health over time", or mentions any form of ongoing WordPress monitoring and
+  observability. Orchestrates uptime, performance, security, and content monitoring.
+version: 1.0.0
+---
+
+# WordPress Monitoring Skill
+
+## Overview
+
+Provides strategies and procedures for continuous WordPress monitoring across five areas: uptime, performance, security, content integrity, and alerting. Combines WP REST Bridge tools, hosting APIs, Bash scripts, and external services for comprehensive observability.
+
+## When to Use
+
+- User wants ongoing site health monitoring (not a one-time audit)
+- User asks about uptime checks, performance trends, or scheduled security scans
+- User wants alerting when something goes wrong
+- User needs a periodic health report
+- User wants to track performance over time (baselines, trends)
+
+## Monitoring vs Audit
+
+| Need | Skill |
+|------|-------|
+| One-time assessment | `wp-audit` |
+| Ongoing monitoring | `wp-monitoring` (this skill) |
+| Security hardening | `wp-security` |
+| Performance optimization | `wp-performance` |
+
+## Decision Tree
+
+1. **What to monitor?**
+   - "uptime" / "is it up" / "response time" → Uptime checks (Section 1)
+   - "performance" / "speed trend" / "CWV over time" → Performance baseline (Section 2)
+   - "security scan" / "vulnerability check" / "malware" → Security scanning (Section 3)
+   - "content changed" / "broken links" / "spam" → Content integrity (Section 4)
+   - "alert me" / "notify" / "threshold" → Alerting strategies (Section 5)
+   - "report" / "weekly summary" / "dashboard" → Reporting templates (Section 6)
+   - "full monitoring" / "set up everything" → All sections, start with detection
+
+2. **Run detection first:**
+   ```bash
+   node skills/wp-monitoring/scripts/monitoring_inspect.mjs [--cwd=/path/to/project]
+   ```
+   This identifies existing monitoring setup and gaps.
+
+## Monitoring Areas
+
+### Section 1: Uptime Checks
+See `references/uptime-checks.md`
+- HTTP probe configuration
+- SSL certificate expiry monitoring
+- WP REST API health endpoint
+- Cron job scheduling
+- Response time thresholds
+
+### Section 2: Performance Baseline
+See `references/performance-baseline.md`
+- Core Web Vitals baseline capture
+- Lighthouse CI scheduled runs
+- TTFB trend tracking
+- Database query performance
+- Plugin impact over time
+
+### Section 3: Security Scanning
+See `references/security-scanning.md`
+- Plugin vulnerability checks (CVE database)
+- File integrity monitoring
+- User account anomaly detection
+- Malware scanning
+- WordPress core version tracking
+
+### Section 4: Content Integrity
+See `references/content-integrity.md`
+- Unauthorized content change detection
+- Broken link checking
+- Comment spam monitoring
+- Media file integrity
+- SEO health indicators
+
+### Section 5: Alerting Strategies
+See `references/alerting-strategies.md`
+- Severity thresholds and escalation
+- Notification channels (email, Slack, webhook)
+- Alert fatigue prevention
+- On-call rotation patterns
+- Incident response triggers
+
+### Section 6: Reporting Templates
+See `references/reporting-templates.md`
+- Daily health summary
+- Weekly performance report
+- Monthly security report
+- Quarterly trend analysis
+- Executive dashboard format
+
+## Reference Files
+
+| File | Content |
+|------|---------|
+| `references/uptime-checks.md` | HTTP probe, SSL, health endpoints, cron |
+| `references/performance-baseline.md` | CWV baseline, Lighthouse CI, TTFB trends |
+| `references/security-scanning.md` | CVE checks, file integrity, malware scanning |
+| `references/content-integrity.md` | Change detection, link checking, spam |
+| `references/alerting-strategies.md` | Thresholds, escalation, notification channels |
+| `references/reporting-templates.md` | Daily/weekly/monthly report templates |
+
+## Recommended Agent
+
+**`wp-monitoring-agent`** — executes monitoring procedures, generates reports, and surfaces anomalies. Read-only: does not modify the site.
+
+## Related Skills
+
+- **`wp-audit`** — one-time security/performance/SEO assessment (complements ongoing monitoring)
+- **`wp-security`** — hardening procedures triggered by monitoring alerts
+- **`wp-performance`** — optimization actions based on performance trends
+- **`wp-cicd`** — CI/CD quality gates that complement monitoring (pre-deploy checks)

package/skills/wp-monitoring/references/alerting-strategies.md

@@ -0,0 +1,205 @@
+# Alerting Strategies
+
+## Severity Levels
+
+| Level | Criteria | Response Time | Example |
+|-------|----------|--------------|---------|
+| **P0 — Critical** | Site down or data breach | Immediate (< 15 min) | HTTP 500, malware detected, admin account compromised |
+| **P1 — High** | Major degradation | Within 1 hour | TTFB > 5s, SSL expires in < 7 days, plugin with critical CVE |
+| **P2 — Medium** | Performance regression | Within 24 hours | CWV degradation > 20%, outdated plugins, spam spike |
+| **P3 — Low** | Informational | Next maintenance window | Minor CWV change, new WordPress version, content audit findings |
+
+## Alert Threshold Configuration
+
+### Uptime Thresholds
+
+```yaml
+uptime:
+  http_check:
+    warning: response_time > 3s
+    critical: response_time > 10s OR http_code != 200
+    consecutive_failures_before_alert: 3
+  ssl_expiry:
+    warning: days_remaining < 30
+    critical: days_remaining < 7
+  wp_cron:
+    warning: last_run > 30min
+    critical: last_run > 2h
+```
+
+### Performance Thresholds
+
+```yaml
+performance:
+  lcp:
+    warning: value > 2500ms
+    critical: value > 4000ms
+  cls:
+    warning: value > 0.1
+    critical: value > 0.25
+  ttfb:
+    warning: value > 800ms
+    critical: value > 1800ms
+  lighthouse_score:
+    warning: score < 70
+    critical: score < 50
+  regression:
+    warning: delta > 20% from baseline
+    critical: delta > 50% from baseline
+```
+
+### Security Thresholds
+
+```yaml
+security:
+  plugin_updates:
+    warning: outdated_count >= 3
+    critical: security_update_available == true
+  admin_accounts:
+    warning: count > baseline + 1
+    critical: unknown_admin_detected == true
+  file_integrity:
+    critical: core_files_modified == true
+    critical: php_in_uploads == true
+  malware_patterns:
+    critical: suspicious_code_detected == true
+```
+
+### Content Thresholds
+
+```yaml
+content:
+  spam_comments:
+    warning: count_24h > 50
+    critical: count_24h > 200
+  broken_links:
+    warning: count > 5
+    critical: count > 20 OR homepage_links_broken == true
+  unauthorized_changes:
+    warning: modified_outside_hours == true
+    critical: admin_content_modified_by_unknown == true
+```
+
+## Notification Channels
+
+### Email Alerts
+
+```bash
+#!/bin/bash
+# send-alert.sh — Unified alert sender
+
+SEVERITY="$1"    # P0, P1, P2, P3
+SUBJECT="$2"
+BODY="$3"
+ALERT_EMAIL="admin@example.com"
+
+case "$SEVERITY" in
+  P0) PREFIX="🔴 CRITICAL" ;;
+  P1) PREFIX="🟠 HIGH" ;;
+  P2) PREFIX="🟡 MEDIUM" ;;
+  P3) PREFIX="🔵 INFO" ;;
+esac
+
+echo "$BODY" | mail -s "[$PREFIX] $SUBJECT" "$ALERT_EMAIL"
+```
+
+### Slack Webhook
+
+```bash
+#!/bin/bash
+# slack-alert.sh — Send alert to Slack channel
+
+WEBHOOK_URL="$SLACK_WEBHOOK_URL"
+SEVERITY="$1"
+MESSAGE="$2"
+
+case "$SEVERITY" in
+  P0) COLOR="#FF0000"; ICON=":red_circle:" ;;
+  P1) COLOR="#FF8C00"; ICON=":large_orange_circle:" ;;
+  P2) COLOR="#FFD700"; ICON=":large_yellow_circle:" ;;
+  P3) COLOR="#4169E1"; ICON=":large_blue_circle:" ;;
+esac
+
+curl -s -X POST "$WEBHOOK_URL" \
+  -H 'Content-type: application/json' \
+  -d "{
+    \"attachments\": [{
+      \"color\": \"$COLOR\",
+      \"text\": \"$ICON $MESSAGE\",
+      \"footer\": \"WordPress Monitor | $(date -u +%Y-%m-%dT%H:%M:%SZ)\"
+    }]
+  }"
+```
+
+### Generic Webhook
+
+```bash
+#!/bin/bash
+# webhook-alert.sh — Send alert to any webhook endpoint
+
+WEBHOOK_URL="$1"
+PAYLOAD=$(jq -n \
+  --arg severity "$2" \
+  --arg site "$3" \
+  --arg message "$4" \
+  --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
+  '{severity: $severity, site: $site, message: $message, timestamp: $timestamp}')
+
+curl -s -X POST "$WEBHOOK_URL" \
+  -H 'Content-type: application/json' \
+  -d "$PAYLOAD"
+```
+
+## Alert Fatigue Prevention
+
+### Deduplication
+
+- **Same alert suppression**: Don't re-alert for the same issue within the cooldown period
+- **Cooldown periods**: P0 = 5 min, P1 = 30 min, P2 = 4h, P3 = 24h
+- **Recovery notification**: Send "resolved" when condition clears
+
+### Aggregation
+
+- **Batch P3 alerts**: Collect low-priority alerts and send as a daily digest
+- **Group related alerts**: If multiple plugins need updates, send one alert listing all
+- **Threshold escalation**: If P2 persists for 24h without resolution, escalate to P1
+
+### Noise Reduction Rules
+
+```yaml
+noise_reduction:
+  # Don't alert during known maintenance windows
+  maintenance_window:
+    day: sunday
+    start: "02:00"
+    end: "06:00"
+    suppress: [P2, P3]
+
+  # Ignore brief transient failures
+  consecutive_checks_required:
+    P0: 2    # Alert after 2 consecutive failures (10 min)
+    P1: 3    # Alert after 3 consecutive failures (15 min)
+
+  # Don't alert on performance during traffic spikes
+  suppress_performance_during_high_traffic: true
+```
+
+## Escalation Procedures
+
+### Escalation Matrix
+
+| Time Since Alert | P0 Action | P1 Action |
+|------------------|-----------|-----------|
+| 0 min | Notify primary on-call + Slack channel | Notify primary on-call |
+| 15 min | Escalate to secondary on-call | — |
+| 30 min | Escalate to team lead + phone call | Escalate to secondary |
+| 1 hour | Escalate to management | Escalate to team lead |
+
+### Incident Response Triggers
+
+When monitoring detects a P0 condition, automatically:
+1. Create incident record with timestamp and evidence
+2. Notify on-call via all channels (email + Slack + webhook)
+3. Capture current state: `wp plugin list`, `wp core version`, server logs
+4. **Delegate to `wp-security-auditor`** for security incidents
+5. **Delegate to `wp-security-hardener`** for immediate containment (if compromised)