Plugin Security Scanner

Description

This plugin determines whether any of your plugins or themes have security vulnerabilities. It does this by looking up details in the WPScan Vulnerability Database.

It will run a scan once a day, and e-mail the administrator if any vulnerable plugins or themes are found.

It also adds a new menu option to the admin tools menu called “Plugin Security Scanner”. Clicking this runs a scan. If the scan finds any problems, it shows you a list of plugins or themes that have vulnerabilities, along with a description of the issue.

Icons made by Alessio Atzeni from www.flaticon.com are licensed under CC BY 3.0

Screenshots

  • Example run of the security scanner that has found two vulnerable plugins.
  • E-mail alert to administrator when vulnerable plugins have been found.

Reviews

Great plugin!

  • Peace of mind!
  • Excellent support from the plugin author
  • Proactive maintenance of the WPScan Vulnerability Database

Works well, but its messages lack detail

Works very well, but I'm pushing my luck in hoping for one small, essential improvement…
When I installed the Zopim Live Chat plugin last week, it sent me a message within 24 hours:
——
Vulnerability found: zopim-live-chat <= 1.2.5 – XSS in ZeroClipboard
Scan completed: 1 vulnerability found.
—–
A bit short to know what it is really about, but the basic job is done. I have been alerted, and so has Zopim support. Now all that remains is to find the flaw…

More details would be welcome, especially when you have to pass this on to a support team.

Could also check WP version

Slow to check because the API service works on only one plugin at a time, but good enough. Could show the vulnerabilities found directly on the Plugins page.

Contributors & Developers

“Plugin Security Scanner” is open source software. The following people have contributed to this plugin.

Changelog

1.4.1

  • Fix issue with theme version checking

1.4

  • Themes as well as plugins are now scanned for vulnerabilities

1.3.1

  • Added check to make sure the WPVulnDb API has returned a valid response

1.3

  • Added option under “Settings / General / Plugin Security Scanner” to disable the email notification

1.2.1

  • Moved to WPScan Vulnerability Database API v2

1.2.0

  • Added i18n support

1.1.9

  • Fix: Removed unnecessary ob_flush calls
  • Fix: If vulnerability does not have a “fixed in” version number, report it as a vulnerability

1.1.8

  • Fix: corrected links to WPScan Vulnerability Database

1.1.7

  • Add link to WPScan Vulnerability Database details page

1.1.6

  • Conditionally include plugin.php in case it is not already included

1.1.5

  • Escape output in HTML report to prevent XSS

1.1.4

  • Added blog title to email subject

1.1.3

  • Fixed bug that prevented admin email being sent

1.1

  • Email admin daily if any vulnerabilities are found

1.0

  • Initial release