December 4, 2017 by Paul G. | Blog, Shield Pro, Updates

WordPress Plugin & Themes Vulnerability Scanner

Today sees the release of another awesome feature for the Shield Security plugin.

A couple of years ago we had a feature like this in the Shield plugin, but we had to remove it because the data source was old and was no longer being updated at that time.

It’s never a good thing to add a feature to a service, and then have to remove it. We learned a simple lesson that day:

never rely on free software/services to provide a professional service.

One of the biggest exceptions to this is WordPress, of course. But the reality is that this, alongside a few other open source projects, is a rare exception.

This is also why we created Shield Pro – we want our security system to be professional, always improving, and current. Free is great for a while, but it’s not sustainable.

So today, with our Shield Pro offering, we can now purchase commercial licenses for different services and bring them into Shield Security for access by everyone. Of course, this is a paid feature: it would be far from sustainable for us to provide this service for free, as we need to cover our costs for this too.

What are the new Vulnerability Scanner Features?

We’ve made a number of great improvements when compared with the old scanner.

1. Much cleaner Plugins page display

With the scanner turned on, you’ll be able to see the list of vulnerable plugins and their exact vulnerabilities, listed on the main WordPress Plugins page.

The list will show you the notice about the vulnerabilities and a more info link to find out further information. We’ve also provided a handy filter link so you can view only vulnerable plugins from the list.

Shield Security: Plugin Vulnerabilities Example 1

2. Hide display of vulnerable plugins from non security administrators

If you handle security for your clients and don’t want questions about vulnerability notifications, you can hide these notices from everyone except security admins by using the Security Admin Restriction Zones feature > Plugins Update option.

Shield Security: Plugin Vulnerabilities Example 2

Note: Security Administrators are those users who have been given the Security PIN in the Security Admin module of the Shield plugin.

3. Automatic update of vulnerable plugins

This is a brand new feature and it lets you have WordPress automatically upgrade any vulnerable plugins on your site.

Important Notes:

  1. The plugin must have an update available! That might seem obvious, but many folks get confused when they’ve set a plugin to automatically update and it’s still vulnerable. If there isn’t an update for it, it can’t automatically update and will remain “vulnerable”.
  2. Automatic updates are performed by WordPress, not by Shield. This means it can take between 12 and 24 hours for a plugin to automatically update. And that’s not from the time the vulnerability is detected, but from the time that WordPress detects the available update.
  3. If it’s a premium plugin that’s vulnerable, and your license is out of date or invalid, the automatic update won’t work.
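
The behaviour in these notes can be sketched with WordPress's `auto_update_plugin` filter, which the background updater applies to each plugin that has an update offer; a flagged plugin with no offer therefore stays vulnerable. This is an added example, not Shield's own code, and the plugin file names and `example_*` functions are hypothetical.

```php
<?php
// Added example, not Shield's code. The flagged list is a constructed
// placeholder; a real one would come from a vulnerability data source.
const EXAMPLE_FLAGGED = [
    'example-forms/example-forms.php',
    'example-gallery/example-gallery.php',
];

// Callback for WordPress's auto_update_plugin filter. The background
// updater calls it for plugins that have an update offer ($item), which
// is why a flagged plugin with no offer cannot be auto-updated.
function example_auto_update_flagged($update, $item)
{
    $file = isset($item->plugin) ? $item->plugin : '';
    // Force the update for flagged plugins; otherwise keep the site's setting.
    return in_array($file, EXAMPLE_FLAGGED, true) ? true : $update;
}

// Split flagged plugins by whether an update offer exists for them.
// $offers is keyed by plugin file, like the "response" array of the
// update_plugins site transient.
function example_classify_flagged(array $flagged, array $offers)
{
    $result = ['will_auto_update' => [], 'stays_vulnerable' => []];
    foreach ($flagged as $file) {
        $key = isset($offers[$file]) ? 'will_auto_update' : 'stays_vulnerable';
        $result[$key][] = $file;
    }
    return $result;
}

if (function_exists('add_filter')) {
    // Inside WordPress: register the filter (priority 10, 2 arguments).
    add_filter('auto_update_plugin', 'example_auto_update_flagged', 10, 2);
} else {
    // Stand-alone run with constructed data: only one plugin has an offer.
    $offers = ['example-forms/example-forms.php' => (object) [
        'plugin'      => 'example-forms/example-forms.php',
        'new_version' => '2.0.1',
    ]];
    print_r(example_classify_flagged(EXAMPLE_FLAGGED, $offers));
}
```

Run from the command line, the constructed data puts `example-forms` under `will_auto_update` and `example-gallery` under `stays_vulnerable`.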

4. Email notification of vulnerable plugins

Every time a new vulnerability is detected, the alert email report will be sent, listing all the known vulnerabilities on the site.

Notes:

  1. Emails are digest emails – you will receive 1 email per automatic scan. So 5 different vulnerabilities will be included within a single email, not 5 separate emails.
  2. You will be notified by Alert Email about a specific vulnerability only once. Shield will not repeatedly send notifications of known vulnerabilities.

How can you get this scanner?

You can start protecting your site with this scanner simply by upgrading to ShieldPRO.

The scanner will be automatically enabled, but to adjust some of the options mentioned above, you’ll need to go to the Hack Guard module and select the “Vulnerabilities, Plugins, Themes” section.

As always, please leave your comments below if you have any suggestions or feedback.

Thanks!


Comments (5)

    Is this included in the iControlWP bundle I pay for or no?

      Hi Debbie,

      Good question, and thanks for asking. Yes, this is included in your iControlWP subscription! 🙂

      Thanks!
      Paul.

    Shield Security provides great features for improvements when compared with the old scanner. This technique is like including a custom size in Printer Properties, with the exception of you include it through the gadget director.

    Nice information, Test vulnerabilities of a WordPress installation, WordPress plugins, hosting environment and web server by using this WordPress Security Scanner

    Valuable information, wordPress website scanner would check for other themes that are installed but not active; such themes might contain vulnerabilities.
