Plugin Security Scanner

This plugin alerts you if any of your plugins have security vulnerabilities. It does this by utilising the WPScan Vulnerability Database once a day.

Author:Glen Scott (profile at wordpress.org)
WordPress version required:
WordPress version tested:5.2.6
Plugin version:2.0.2
Added to WordPress repository:13-04-2015
Last updated:19-08-2019
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %:98
Rated by:7
Plugin URI:https://yellowsquare.com/plugin-security-scan...
Total downloads:66 786
Active installs:1 000+
plugin download
Click to start download

This plugin determines whether any of your plugins or themes have security vulnerabilities. It does this by looking up details in the WPScan Vulnerability Database.

It will run a scan once a day, and e-mail the administrator if any vulnerable plugins or themes are found.

Please note: As from version 2.0.0, you will need to register on the WPScan Vulnerability Database site in order to get an API token. This token is required before any security scans can be performed. Once you have your token, it can be added to the Plugin Security Scanner settings page.

You can also register a webhook for notifications. The webhook will trigger daily, even if no vulnerabilities found. The webhook is a post request, with JSON payload containing the vulnerabilities.

You can enable the webhook under Settings\General tab – see the Plugin Security Scanner settings.

It also adds a new menu option to the admin tools menu called “Plugin Security Scanner”. Clicking this runs a scan. If the scan finds any problems, it shows you a list of plugins or themes that have vulnerabilities, along with a description of the issue.

The WPScan Vulnerability Database API, which this plugin uses, is free for non-commercial use. However, any commercial usage will require that you purchase a commercial license from WPScan. If you are using the API for your own site then you will not need a commercial license. However, if you are a hosting company and install the plugin systematically across all of your clients sites, then you will need to purchase a commercial license. If you are making heavy use of the API, it is likely that you will need to purchase a commercial license. To enquire about a commercial license, please contact team@wpvulndb.com

Icons made by Alessio Atzeni from www.flaticon.com is licensed by CC BY 3.0


Screenshots
ChangeLog