{"id":316667,"date":"2026-06-11T05:14:13","date_gmt":"2026-06-11T05:14:13","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/server-scout\/"},"modified":"2026-06-11T04:58:53","modified_gmt":"2026-06-11T04:58:53","slug":"server-scout","status":"publish","type":"plugin","link":"https:\/\/ja.wordpress.org\/plugins\/server-scout\/","author":12189875,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"trunk","tested":"7.0","requires":"5.5","requires_php":"7.4","requires_plugins":null,"header_name":"Server Scout","header_author":"susheelhbti","header_description":"Helps server administrators discover and manage all WordPress installations on the same server. Shows site details, WordPress version, and admin users in a single dashboard.","assets_banners_color":"","last_updated":"2026-06-11 04:58:53","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/server-scout","header_author_uri":"https:\/\/profiles.wordpress.org\/susheelhbti","rating":0,"author_block_rating":0,"active_installs":0,"downloads":22,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":{"1.0.0":"<p>Initial release \u2014 no upgrade needed.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"The main dashboard after scanning \u2014 shows all discovered WordPress installations.","2":"Admin user list with the Generate Login Link button.","3":"A generated login link ready to use."}},"plugin_section":[],"plugin_tags":[83,2156,441,2925,3972],"plugin_category":[51,59],"plugin_contributors":[88952],"plugin_business_model":[],"class_list":["post-316667","plugin","type-plugin","status-publish","hentry","plugin_tags-admin","plugin_tags-management","plugin_tags-multisite","plugin_tags-server","plugin_tags-tools","plugin_category-multisite","plugin_category-utilities-and-tools","plugin_contributors-susheelhbti","plugin_committers-susheelhbti"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/server-scout.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Server Scout<\/strong> is a tool for server administrators who manage multiple WordPress sites on the same server. Instead of logging into each site one by one, Scout gives you a single dashboard where you can see every WordPress installation on the server and quickly access them.<\/p>\n\n<h4>What it does<\/h4>\n\n<ul>\n<li>Recursively scans a directory of your choice (e.g. <code>\/var\/www<\/code>) for all WordPress installations.<\/li>\n<li>Displays each site's name, URL, WordPress version, and database prefix.<\/li>\n<li>Lists all administrator users for each site (username + email).<\/li>\n<li>Generates a secure, one-time, 5-minute login link so you can jump straight into any site's admin area without needing the password.<\/li>\n<\/ul>\n\n<h4>Who is it for?<\/h4>\n\n<ul>\n<li><strong>VPS \/ dedicated server owners<\/strong> managing multiple client or personal WordPress sites.<\/li>\n<li><strong>Developers<\/strong> running several local or staging environments on one machine.<\/li>\n<li><strong>Agencies<\/strong> with a fleet of sites on a single server.<\/li>\n<\/ul>\n\n<h4>How login links work<\/h4>\n\n<ol>\n<li>Click <strong>Generate Login Link<\/strong> next to any admin user.<\/li>\n<li>A cryptographically signed, one-time token is stored in that site's database (valid for 5 minutes).<\/li>\n<li>The generated link goes through WordPress's standard <code>admin-ajax.php<\/code> endpoint \u2014 not a direct PHP file \u2014 and includes a nonce for request verification.<\/li>\n<li>Opening the link logs you directly into that site's admin dashboard.<\/li>\n<li>The token is deleted immediately on first use \u2014 it cannot be used twice.<\/li>\n<\/ol>\n\n<h4>Security<\/h4>\n\n<ul>\n<li>Requires the <code>manage_options<\/code> capability (Administrator) to use the plugin.<\/li>\n<li>All form submissions are protected with WordPress nonces.<\/li>\n<li>Login links use <code>wp_ajax_nopriv_<\/code> (WordPress AJAX), include a nonce, and go through <code>admin-ajax.php<\/code>.<\/li>\n<li>Tokens are HMAC-signed with WordPress's built-in <code>secure_auth<\/code> salt \u2014 cannot be forged.<\/li>\n<li>Scan paths are validated with <code>realpath()<\/code> before use.<\/li>\n<li>All database queries use prepared statements.<\/li>\n<li>The standard <code>wp_login<\/code> action is fired on login so security plugins (login limiters, audit logs) are notified.<\/li>\n<\/ul>\n\n<p><strong>Important:<\/strong> This plugin is intended for server administrators only. Do not install it on shared hosting environments where you do not control all sites on the server.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>server-scout<\/code> folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu in WordPress.<\/li>\n<li>Go to <strong>Tools \u2192 Server Scout<\/strong> in the admin menu.<\/li>\n<li>Enter the root directory to scan (e.g. <code>\/var\/www<\/code>) and click <strong>Scan Server<\/strong>.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"will%20this%20work%20on%20shared%20hosting%3F\"><h3>Will this work on shared hosting?<\/h3><\/dt>\n<dd><p>Technically yes, but it is not recommended. This plugin reads the database credentials of other WordPress installations on the same server. Only use it if you own and administer all sites on that server.<\/p><\/dd>\n<dt id=\"can%20someone%20else%20generate%20login%20links%20for%20my%20site%3F\"><h3>Can someone else generate login links for my site?<\/h3><\/dt>\n<dd><p>No. The plugin requires Administrator-level access (<code>manage_options<\/code>) to the WordPress site it is installed on. Login links also require a valid nonce and are protected by an HMAC-signed token.<\/p><\/dd>\n<dt id=\"what%20happens%20to%20unused%20login%20links%3F\"><h3>What happens to unused login links?<\/h3><\/dt>\n<dd><p>Tokens expire automatically after 5 minutes. When you delete the plugin, <code>uninstall.php<\/code> cleans up any leftover tokens from the database.<\/p><\/dd>\n<dt id=\"the%20scan%20found%20no%20results.%20what%20should%20i%20check%3F\"><h3>The scan found no results. What should I check?<\/h3><\/dt>\n<dd><ul>\n<li>Make sure PHP has read permission for the scan directory.<\/li>\n<li>Try a more specific path (e.g. <code>\/var\/www\/html<\/code> instead of <code>\/<\/code>).<\/li>\n<li>Some server setups place sites under <code>\/home<\/code> or <code>\/srv\/www<\/code>.<\/li>\n<\/ul><\/dd>\n<dt id=\"why%20does%20the%20login%20link%20say%20%22invalid%22%3F\"><h3>Why does the login link say \"invalid\"?<\/h3><\/dt>\n<dd><p>The link was either already used (one-time only) or has expired (5-minute window). Generate a new one.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Helps server administrators discover and manage all WordPress installations on the same server from a single dashboard.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/316667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=316667"}],"author":[{"embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/susheelhbti"}],"wp:attachment":[{"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=316667"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=316667"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=316667"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=316667"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=316667"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=316667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}