How-To: Scan for WordPress security vulnerabilities automatically every single day

By 26th April 2016 | News, WordPress Security

Is your WordPress running with known security vulnerabilities? Do you even know how to check?

Of course you could check it today, perhaps. But what about tomorrow? Next week?

How about checking it every single day?  What if you have 2 sites to check?  What about 10? 100?

You’re probably thinking that that would never scale. And you’d be right.

Introducing The Shield Security Vulnerabilities Scanner

We’re working to bring the protection of our Shield security plugin into iControlWP.

Today sees the release of our first stage in this process.  We’ve integrated the WP Vulnerability Database directly into iControlWP.

So what does “integrated” mean for you?

It means that several times each day we’ll automatically look up every plugin, theme and WordPress site against a database of known security vulnerabilities.

If we find that any one of your assets is susceptible, we’ll send you a notification email immediately.

Why does this matter?

Security vulnerabilities for WordPress and its plugins/themes are being discovered and published almost daily. This means that while you might be sitting pretty today, tomorrow is a different story.

As the number of sites you own grows, staying up-to-date on all the vulnerabilities on all your sites gets more difficult. You need an automated system that keeps up-to-date and at the same time is constantly reviewing your sites.

And one of the huge advantages with Shield Pro is that this places no more load on your websites than before. 🙂

How does it work and what do I have to do?

It works automatically.  Every day.  You don’t have to do anything and it’s available on all iControlWP plans as of today.

Every single plugin, theme and WordPress core will be examined against the database, at least once every 24hrs. If you upgrade an asset, we’ll check it again for you and then remove the vulnerable flag if appropriate.

To avoid noise, we will send a vulnerability notice for each asset just once. This means you won’t receive repeated emails, and it’s up to you to make it right.

If you upgrade a vulnerable asset, and a new vulnerability is discovered at a later date, then you’ll receive another email about it.
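The notification rules described above, sketched as an added example (this is not iControlWP's code): an asset is flagged and reported once, the flag is cleared after an upgrade fixes it, and a later vulnerability triggers a fresh notice. The feed records, field names, IDs and site name are constructed for illustration and do not reflect any real database schema.

```python
import re

# Constructed sample feed; field names are hypothetical, not a real API schema.
FEED_DAY1 = [
    {"id": "V-1", "type": "plugin", "slug": "example-gallery", "fixed_in": "2.3.1"},
    {"id": "V-2", "type": "core", "slug": "wordpress", "fixed_in": "4.5.0"},
]
FEED_DAY3 = FEED_DAY1 + [
    {"id": "V-3", "type": "plugin", "slug": "example-gallery", "fixed_in": None},
]

def parse_version(text):
    """'4.5.0' -> (4, 5); trailing zeros are dropped so 4.5 == 4.5.0."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def open_vulns(asset, feed):
    """IDs of feed entries that affect the installed version of one asset."""
    installed = parse_version(asset["version"])
    return {
        v["id"] for v in feed
        if (v["type"], v["slug"]) == (asset["type"], asset["slug"])
        # fixed_in of None means no patched release exists yet
        and (v["fixed_in"] is None or installed < parse_version(v["fixed_in"]))
    }

def daily_scan(assets, feed, flagged):
    """One scan pass. `flagged` maps asset key -> open vulnerability IDs and
    persists between runs. Returns the notices to send on this pass."""
    notices = []
    for asset in assets:
        key = (asset["site"], asset["type"], asset["slug"])
        current = open_vulns(asset, feed)
        if not current:
            flagged.pop(key, None)   # upgraded or unaffected: clear the flag
            continue
        if key not in flagged:       # newly flagged: notify exactly once
            notices.append((key, sorted(current)))
        flagged[key] = current       # already flagged: refresh, stay quiet
    return notices
```

Persisting `flagged` between runs is what suppresses repeat emails; losing that state would re-notify for every vulnerable asset on the next scan.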

How does this compare to the plugin vulnerability scanner within the Shield plugin?

The plugin vulnerabilities scanner within the plugin is effectively deprecated and no longer fit for purpose.

This isn’t because we got lazy and decided not to bother updating it. The kind folks behind the original data decided to remove it – they didn’t like that we were using it for you guys. A curious contradiction to their goal of securing WordPress sites.

So we’ve moved on and purchased a commercial license from the people at wpvulndb.com.

And, the previous version was for plugins only… we now cover plugins, themes, and WordPress.

We now have a database that is awesome, but because it is under a commercial license, we can’t integrate it into the Shield ‘Free’ plugin available from WordPress.org.

Questions?

So, what is better than a free, broken plugin vulnerabilities scanner?  A scanner that scans plugins, themes and WordPress automatically every day. 🙂

We love this feature, and we know you will too. Please do share it and spread the word!

If you have any questions or comments about this feature, please leave them below or contact us on the helpdesk.
