Server Capability Inspector
Everything you need to read, understand, and act on your server's capabilities — written for site owners, not developers.
Welcome
Server Capability Inspector adds a single page to your WordPress admin that shows every relevant detail about the server your site runs on. PHP version, memory, database, file permissions, installed extensions, image processing, mail, network — all of it, on one page, with traffic-light indicators so you can tell at a glance what's healthy and what needs attention.
This guide walks you through installing the plugin, reading every section, fixing common problems, and sharing your server profile safely when you need help.
Reading time: About 12 minutes for the full guide. If you only have a minute, skip straight to Your First Look — that's enough to get value out of the plugin.
Requirements
Before installing, check that your site meets these minimums:
| Requirement | Minimum | Notes |
|---|---|---|
| WordPress | 5.8 | Tested up to the latest release. |
| PHP | 8.2 | The plugin will not activate on older PHP and will display a clear notice instead of breaking your site. |
| Browser | Any modern browser | Chrome, Firefox, Safari, Edge — all current versions. |
| Permissions | Administrator | Only users with the manage_options capability can see the page. |
If your host runs PHP 8.1 or older, ask them to switch your site to PHP 8.2 or higher. Most managed hosts offer this as a one-click setting in cPanel or their custom dashboard. If you are unsure, contact your host's support and quote: "Please switch my site to PHP 8.2 or newer."
Installation
Method 1 — Upload via WordPress admin (recommended)
- Open the Plugins page
Log into your WordPress admin and go to Plugins → Add New Plugin.
- Click "Upload Plugin"
The button is at the top of the screen, next to the page title.
- Choose the ZIP file
Select the
server-capability-inspector-1.0.0.zipfile you downloaded from your account. - Click "Install Now"
WordPress will unpack the plugin into
/wp-content/plugins/. - Activate
Once installation finishes, click the "Activate Plugin" link.
Method 2 — Manual upload via FTP / SFTP
- Unzip the file on your computer
You should see a folder called
server-capability-inspectorwith the plugin files inside. - Connect to your server
Use an FTP client (FileZilla, Cyberduck, or your hosting file manager).
- Upload the folder
Drop the entire
server-capability-inspectorfolder into/wp-content/plugins/. - Activate in WordPress admin
Go to Plugins → Installed Plugins and click "Activate" next to Server Capability Inspector.
After activation, you will find the plugin under Tools → Server Inspector. There are no settings to configure. The page works immediately.
Your First Look
Open Tools → Server Inspector. You'll see a single page with the following layout, top to bottom:
- Header — the plugin name and tagline
- Health score card — a coloured circular ring showing your server's overall score from 0 to 100, with a list of any failing checks shown as small badges
- Action buttons — Copy Full Report, Copy Redacted, Print, Expand All, Collapse All
- Ten sections — WordPress, PHP, Server, Database, Filesystem, cURL & Network, Image Libraries, Mail, PHP Extensions, Installed Plugins
Every section is expanded by default. To collapse one, click its header. To collapse everything, use the Collapse All button at the top.
Each value in a section has a small coloured dot next to it indicating its status:
| Green | Healthy. No action needed. |
| Amber | Could be better. Worth investigating, not urgent. |
| Red | Problem. This is likely affecting your site or will affect it soon. |
| Grey | Informational. Neither good nor bad — just data. |
The Health Score
How the score works
The number inside the ring is calculated from about a dozen automated checks against your server. The plugin runs each check, counts how many pass, and divides — so a score of 80 means roughly four out of every five checks passed.
The colour of the ring tells you where you stand:
Healthy
Your server is well-configured. Most plugins and themes will run without issues.
Acceptable
Your server runs WordPress fine, but some settings could be improved. Worth contacting your host.
Needs work
Important capabilities are missing or misconfigured. You may run into errors with media uploads, plugins, or email.
Below the score number you'll see badges listing the specific checks that failed — for example "Memory ≥ 256M" or "Extension: imagick". These are what you'd ask your host to fix.
The score is a guideline, not a verdict. A site can run perfectly well on a 65 if all the missing items are non-essential to what your site actually does. Use the score to spot real problems, not to chase a perfect 100.
Fixing failing checks
Most failing checks fall into one of these categories. Each one tells you who needs to act.
| Failing check | What it means | Who fixes it |
|---|---|---|
| PHP version too old | Your hosting is running an outdated PHP release. | Your host (one-click upgrade in most panels) |
| Memory below 256MB | Heavy plugins may run out of memory. | Your host or developer |
| Upload size below 32MB | You can't upload large media files. | Your host |
| Required extension missing | A standard PHP extension is not installed. | Your host (free, takes minutes) |
| HTTPS not active | Your site is using HTTP instead of HTTPS. | Your host (most offer free Let's Encrypt SSL) |
| Uploads directory not writable | Media uploads will fail. | Your host or developer (file permission fix) |
Reading the Sections
Each section is independent. You can read one and ignore the rest. Below is a guide to what each one contains and what to look for.
🌐 WordPress Information
This section shows your WordPress configuration: version, multisite status, debug mode, memory limit, theme, language, timezone, character set, and whether an external object cache (such as Redis or Memcached) is active.
What to watch for:
- Debug: should be Disabled on a live site. If it shows Enabled, your visitors might see PHP error messages — switch it off in
wp-config.php. - WordPress version: aim for the latest. Outdated WordPress is a security risk.
- Object cache: "External" is faster but optional. "None" is normal for most sites.
- REST API: should show "Available". If it shows "Blocked by filter", a security plugin is preventing the REST API from running, which can break the block editor and many modern plugins.
⚙️ PHP Configuration
This is the section that determines whether most plugins will work. It shows your PHP version, memory limits, file upload limits, execution time, and OPcache status.
What to watch for:
- PHP version: 8.2 or newer is ideal. Anything below 8.0 should be upgraded immediately.
- Memory limit: 256MB minimum, 512MB if you run WooCommerce, page builders, or other heavy plugins.
- Upload max filesize: 32MB minimum. If you upload videos or large galleries, ask for 128MB or more.
- Max execution time: 30 seconds is the standard floor. Longer is fine.
- OPcache: "Enabled" gives a major speed boost. If "Disabled", ask your host to turn it on.
- Display errors: should be "Off" on a live site to avoid leaking technical messages to visitors.
🖥️ Server Environment
Software running on your server (Apache, Nginx, LiteSpeed), the protocol, whether HTTPS is active, your IP, hostname, document root, WordPress root path, and port.
What to watch for:
- HTTPS: should be "Yes". HTTP-only sites are flagged as insecure by browsers and rank lower in search results.
- Server software: mostly informational. Apache, Nginx, and LiteSpeed are all fine.
🗄️ Database
Database server version (MySQL or MariaDB), client library version, host, name, character set, collation, table prefix, and the maximum packet size your queries can use.
What to watch for:
- Server version: MySQL 5.7 or higher, or MariaDB 10.3 or higher. Older versions are missing features.
- Charset:
utf8mb4is the modern standard and supports emoji. - Max allowed packet: 16MB minimum. If it's lower, importing large content (XML files, big posts) may fail silently.
📁 Filesystem
Whether key directories are writable: uploads, wp-content, the WordPress root, and the temporary directory. Plus your free disk space.
What to watch for:
- Uploads writable: must be "Yes". If "No", media uploads will fail.
- wp-content writable: "Yes" lets you install plugins and themes through the admin. "No" means you'll need FTP for installs.
- Temp dir writable: should be "Yes". File uploads use this directory before moving files to their final location.
- Free disk space: if it's under a few hundred MB, contact your host.
🔗 cURL & Network
The cURL extension handles all outgoing connections — fetching update checks, sending emails through external services, talking to payment gateways, and so on.
What to watch for:
- cURL version: any modern version is fine.
- SSL backend: should support modern TLS. If this section shows "NOT AVAILABLE", many plugins won't work — contact your host.
🖼️ Image Libraries
Whether GD or Imagick are installed, and which image formats they can process: JPEG, PNG, GIF, WebP, AVIF.
What to watch for:
- You need at least one of GD or Imagick. Both is better.
- JPEG, PNG, GIF support: all should be "Yes".
- WebP support: recommended for modern, smaller image files.
- AVIF support: nice to have, optional.
- If Imagick shows "Loaded (restricted policy)", the extension is installed but limited. This is a host-side configuration; contact them if specific formats fail.
📧 Mail Configuration
Whether the WordPress wp_mail() function is available, plus SMTP and sendmail settings.
What to watch for:
- wp_mail function: should be "Available".
- For reliable delivery, install an SMTP plugin (such as one that connects to Mailgun, SendGrid, Amazon SES, or Gmail) and don't rely on the host's default mail.
🧩 PHP Extensions
This is the biggest section. It shows over fifty PHP extensions as colour-coded pills, sorted alphabetically. The legend at the top of the section explains the three tiers:
- Required — extensions WordPress and most plugins absolutely need (curl, json, mbstring, openssl, xml, mysqli, hash, pcre, spl). If any of these are missing, that's an emergency to fix with your host.
- Recommended — strongly suggested for performance, image processing, and internationalization (gd, imagick, zip, dom, simplexml, fileinfo, intl, opcache, sodium, exif).
- Optional — useful for specific use cases (apcu, memcached, redis, ldap, soap, etc). Don't worry if these are missing unless you specifically need them.
Use the search box at the top of the section to find a specific extension by name. Type the first few letters and the list filters in real time.
🔌 Installed Plugins
Every plugin installed on your site, with its version, author, minimum PHP requirement, minimum WordPress requirement, and current status (Active, Inactive, Network Active, or MU Plugin).
Use the search box to filter by plugin name, author, or version. This is especially useful when:
- Auditing a site you just inherited from another developer or agency
- Checking whether a problematic plugin is still active
- Compiling a list of plugins for a client report
- Finding a plugin whose name you can't quite remember
Sharing the Report
The action bar at the top of the page has two ways to copy your full server profile to the clipboard: Copy Full Report and Copy Redacted. They produce identical formatting, but the redacted version masks information that should never appear on a public forum.
Copy Full Report
Includes everything: database host, table prefix, server IP, hostname, file paths, session paths, and site URLs. Use this for your own private records or a trusted private support channel.
Copy Redacted
Replaces sensitive values with [REDACTED]. Safe to paste into public forums, GitHub issues, Stack Exchange answers, or community Slack channels.
Always use Copy Redacted when posting in public. Database hosts, IPs, and file paths can help an attacker map your site. The Full report is fine for your own records; share it only over private channels with people you trust.
When you click Copy Full Report, the plugin first asks you to confirm. This is a deliberate friction step to prevent accidental leaks. The redacted version copies immediately without a prompt.
What gets masked in the redacted version
- Server IP address and hostname
- Document root and WordPress installation path
- Database host, database name, table prefix
- Site URL and home URL
- Uploads directory, wp-content path, temp directory
- Session save path
Printing & Saving
The Print button opens your browser's standard print dialog, but with a custom stylesheet that makes the output much cleaner than printing a normal admin page.
What changes when printing:
- Action buttons, search inputs, and the toast notification are hidden
- The WordPress admin sidebar, top toolbar, and footer are hidden
- The colourful score card converts to plain black-and-white
- Sections won't split across page breaks where avoidable
- All collapsed sections expand automatically so nothing is missing
To save as a PDF instead of printing on paper, choose "Save as PDF" as the destination in the print dialog. Works in Chrome, Firefox, Safari, and Edge.
Searching & Filtering
Two sections include a live search box at the top: PHP Extensions and Installed Plugins.
Just start typing. The list filters as you type — no need to press Enter. The search is case-insensitive and matches anywhere in the entry, so typing cur finds curl, secure, cursor, and any plugin with those letters in its name or author.
To clear the filter, delete the text or click the small × inside the search box (visible in most browsers).
Dark Mode
The plugin automatically follows your operating system's appearance setting. If your computer is in dark mode, so is the plugin. If you switch your system to light mode, the plugin follows.
You don't need to configure anything. There's no toggle inside the plugin — appearance is handled at the operating system level so the entire WordPress admin can stay consistent.
Troubleshooting
The plugin won't activate
The most common reason is PHP being too old. Server Capability Inspector requires PHP 8.2. If you see a notice mentioning the PHP version, contact your host and ask them to upgrade. This is usually a free, fast change.
I can't find the plugin page
Make sure you're logged in as an Administrator. The plugin only appears under Tools → Server Inspector for users with the manage_options capability. Editors, Authors, and other roles cannot see it.
The score never changes
Server changes don't always show up immediately. The plugin caches its snapshot for 60 seconds to keep page loads fast. Wait a minute and reload, and any changes to your server (a new PHP version, a new extension installed) will appear.
Copying the report does nothing
Modern browsers require the page to be served over HTTPS for the clipboard to work without confirmation. If your admin is on plain HTTP, the plugin falls back to an older copy method that should still work, but is less reliable. Switching your site to HTTPS solves this and many other issues.
Some image format shows "No" in the GD section
Different hosts compile GD with different format support. If your site needs a specific format (say WebP), and GD doesn't support it, ask your host to enable Imagick instead, which usually supports more formats out of the box.
An extension shows as missing in red
Extensions in the Required tier should never be missing on a working WordPress site. If one is, contact your host immediately. Most can install standard PHP extensions within minutes at no cost.
Privacy
Your server data stays on your server. The plugin does not transmit any of the information it displays to any external service.
- No external requests from the inspector page itself
- No analytics, telemetry, or usage tracking
- No database tables created — the plugin only reads
- No cookies set
- No personal data of your visitors collected (the plugin never runs on the front end)
- Visible only to administrators
The plugin is GDPR-friendly out of the box because it never processes any visitor data — only your server's own configuration.
Frequently Asked Questions
Will this plugin slow down my site?
No. The plugin only runs when you open the Tools → Server Inspector page. It has zero front-end impact and zero load on your visitors. Even on the inspector page itself, results are cached for 60 seconds so repeat views are instant.
Does it modify my database or files?
No. It only reads. It does not create database tables, modify core WordPress files, or write any settings. Activating, using, or removing the plugin leaves your site exactly as it was.
Can I run it on multisite networks?
Yes. The page appears under Tools for any user with the manage_options capability on a given site. Each site sees its own snapshot.
Why does my score show 75 when everything seems fine?
The score reflects optional improvements as well as critical issues. A 75 typically means a few recommended (but not required) settings could be improved — like upgrading to a newer PHP minor version or enabling OPcache. Your site can run perfectly well on a 75.
Can I share the report on a public forum without leaking sensitive info?
Yes. Use the Copy Redacted button instead of Copy Full Report. The redacted version automatically masks database host, IP, file paths, and other sensitive values with [REDACTED].
Does it work in languages other than English?
The plugin is fully translatable. If translations exist for your language, the interface will appear translated automatically. If you'd like to translate it for your language and contribute back, contact us.
How do I uninstall it cleanly?
Go to Plugins → Installed Plugins, click "Deactivate" next to Server Capability Inspector, then click "Delete". The plugin removes itself completely. There are no leftover database entries or files.
Can I see the report from outside WordPress?
No. The report is admin-only and only available inside WordPress. This is intentional — exposing server details on a public URL would be a security risk.
Getting Help
If you've worked through the troubleshooting section and still have an issue, we're here to help.
- Open your account dashboard on xaniacode.com
- Find the support ticket section for your purchase
- Use the Copy Redacted button in the inspector to grab your server profile, then paste it into the ticket
- Describe what you're trying to do and what's happening instead
The more context you give, the faster we can help. The redacted report alone usually answers half our questions before we have to ask them.
Before opening a ticket, check your hosting control panel first if the issue is about a server limit, missing extension, or PHP version. These are almost always things only your host can change — and they typically fix them within hours of being asked.