What is the Vulnerability Scanner?

The Vulnerabilities Scanner is a part of the Hack Guard module. It is designed to regularly scan your list of the installed WordPress plugins and compare their current versions against a list of known plugin vulnerabilities. 

What is a "known" plugin vulnerability?

A "known" vulnerability is one that has been publicly identified and is known to exist.

An "unknown" vulnerability is one that exists but is not  publicly known.

What does this scanner not do?

This scanner will not detect the presence of security vulnerabilities in a plugin that are not "known".

What does this scanner do?

When a plugin is discovered that is known to contain a security vulnerability, the plugin will do 2x things:

  1. It will highlight the plugin on the plugins listing page on your WordPress admin
  2. It will send an email once per day (when the cron runs) notifying you for the plugin

This scanner is enabled from within Hack Guard module. You can also set it to automatically apply updates to items with known vulnerabilities when an update becomes available. 

You can run this scanner manually by accessing the Run Manual Scan option from the Action Menu. Vulnerable plugins will be displayed in the Scan Results, for example:

The vulnerable plugin will be also highlighted on the plugins listing page on your WordPress admin. For example:

To learn more about this Vulnerability Scanner, read this blog article here.

Vulnerabilities email alert

Shield’s vulnerability scanner will normally alert you to the presence of vulnerabilities via the standard Report Alert feature.

However, you can be instantly alerted as soon as a vulnerability has been discovered by using Instant Alerts feature.

We also highly recommend you to read A Complete Guide To The Shield Security Scans here.

Note: ShieldPRO is required for this scanner. To find out what the extra ShieldPRO features are and how to purchase, please follow this link here.