{"id":305825,"date":"2026-06-19T09:02:48","date_gmt":"2026-06-19T09:02:48","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/wfi-monitor\/"},"modified":"2026-06-19T09:20:16","modified_gmt":"2026-06-19T09:20:16","slug":"vulnerability-monitor-for-wordfence-intelligence","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/vulnerability-monitor-for-wordfence-intelligence\/","author":23408246,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.3.9","stable_tag":"1.3.9","tested":"7.0","requires":"5.6","requires_php":"7.2","requires_plugins":null,"header_name":"Vulnerability Monitor for Wordfence Intelligence","header_author":"Interaktiv","header_description":"Automatically scans installed WordPress plugins and themes regularly against the Wordfence Intelligence v3 vulnerability feed and alerts administrators about known security vulnerabilities. Not affiliated with Wordfence.","assets_banners_color":"08647b","last_updated":"2026-06-19 09:20:16","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/interaktiv.ch","header_plugin_uri":"","header_author_uri":"https:\/\/interaktiv.ch","rating":0,"author_block_rating":0,"active_installs":0,"downloads":30,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.3.9":{"tag":"1.3.9","author":"interaktivch","date":"2026-06-19 09:20:16"}},"upgrade_notice":{"1.3.9":"<p>Performance-focused follow-up release that disables autoload for scan result and related runtime options.<\/p>","1.3.8":"<p>Addresses the latest WordPress.org review feedback for asset loading, external service disclosure, and unique naming.<\/p>","1.3.5":"<p>Refreshes release metadata and packages the WordPress 7.0 compatibility update.<\/p>","1.3.4":"<p>Improves admin feedback after sending a test email from plugin settings.<\/p>","1.3.3":"<p>WordPress.org submission cleanup release with Plugin Check and packaging fixes.<\/p>","1.3.2":"<p>Reduces API spikes by spreading scheduled scans across different sites automatically.<\/p>","1.3.1":"<p>Improves troubleshooting for Wordfence API failures and rate limits.<\/p>","1.3.0":"<p>Operational monitoring release with alert emails for plugin health issues.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3578298,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3578298,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3578335,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3578335,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.3.9"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[5603,6464,600,1249,41325],"plugin_category":[43,54],"plugin_contributors":[267856],"plugin_business_model":[],"class_list":["post-305825","plugin","type-plugin","status-publish","hentry","plugin_tags-monitoring","plugin_tags-scanner","plugin_tags-security","plugin_tags-themes","plugin_tags-vulnerabilities","plugin_category-customization","plugin_category-security-and-spam-protection","plugin_contributors-interaktivch","plugin_committers-interaktivch"],"banners":{"banner":"https:\/\/ps.w.org\/vulnerability-monitor-for-wordfence-intelligence\/assets\/banner-772x250.png?rev=3578335","banner_2x":"https:\/\/ps.w.org\/vulnerability-monitor-for-wordfence-intelligence\/assets\/banner-1544x500.png?rev=3578335","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/vulnerability-monitor-for-wordfence-intelligence\/assets\/icon-128x128.png?rev=3578298","icon_2x":"https:\/\/ps.w.org\/vulnerability-monitor-for-wordfence-intelligence\/assets\/icon-256x256.png?rev=3578298","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Vulnerability Monitor for Wordfence Intelligence<\/strong> helps WordPress administrators identify known security vulnerabilities affecting installed plugins and themes. The plugin regularly checks the Wordfence Intelligence v3 vulnerability feed (supports object-map, array, NDJSON; gzip-aware; memory-safe) and provides alerts when vulnerable software is detected, helping keep WordPress installations secure and up to date. Not affiliated with Wordfence.<\/p>\n\n<p>This plugin is designed to be:<\/p>\n\n<ul>\n<li><strong>Lightweight<\/strong> \u2013 no external SaaS services beyond the official Wordfence feed API.<\/li>\n<li><strong>Privacy-friendly<\/strong> \u2013 no tracking or telemetry; vulnerability matching happens locally on your site.<\/li>\n<li><strong>Memory-safe<\/strong> \u2013 supports streaming large NDJSON and gzip feeds without exhausting server memory.<\/li>\n<li><strong>Fully configurable<\/strong> \u2013 email notifications, severity levels, scheduled scans, and more.<\/li>\n<\/ul>\n\n<p>Perfect for agencies, freelancers, and site owners who want proactive security visibility without complexity.<\/p>\n\n<h3>Key Features<\/h3>\n\n<ul>\n<li>Scan installed <strong>plugins and themes<\/strong> for known vulnerabilities.<\/li>\n<li>Supports <strong>NDJSON<\/strong>, <strong>array JSON<\/strong>, and <strong>object-map JSON<\/strong> feed formats.<\/li>\n<li>Handles <strong>gzip-compressed<\/strong> feeds automatically.<\/li>\n<li>Match detection for:\n\n<ul>\n<li>severity levels (critical, high, medium, low)<\/li>\n<li>patched versions<\/li>\n<li>remediation steps<\/li>\n<\/ul><\/li>\n<li>Customizable <strong>email notifications<\/strong> with templates.<\/li>\n<li>Optional <strong>scheduled scans<\/strong> (hourly, daily, or custom).<\/li>\n<li>\"Only notify on new issues\" mode.<\/li>\n<li>Supports the current <strong>Wordfence Intelligence V3<\/strong> API with API key authentication.<\/li>\n<li>Debug mode with detailed logs.<\/li>\n<li>No tracking or telemetry.<\/li>\n<li>Matching and reporting logic runs locally on your site.<\/li>\n<\/ul>\n\n<h3>How It Works<\/h3>\n\n<p>The plugin fetches the Wordfence Intelligence feed, streams it in a memory-safe way, and compares each entry with your installed plugins\/themes.<br \/>\nYou can trigger scans:<\/p>\n\n<ul>\n<li>manually from the WP Admin panel  <\/li>\n<li>or automatically via the scheduled scan option  <\/li>\n<\/ul>\n\n<p>The results include severity, details, patched versions, and links to advisories.<\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin connects to the Wordfence Intelligence vulnerability feed provided by Defiant, Inc. to download vulnerability data used for scans.<\/p>\n\n<p>The request is sent when you run a manual scan, when a scheduled scan runs, or when the cached feed expires and the plugin needs a fresh copy. The request sends your configured Wordfence API key in the <code>Authorization<\/code> header and standard web request metadata from your server such as your server IP address and user agent. The plugin does not send your installed plugin\/theme inventory, scan results, or site content to Wordfence.<\/p>\n\n<p>Service provider: Defiant, Inc.\nTerms of Service: https:\/\/www.wordfence.com\/terms-of-service\/\nPrivacy Policy: https:\/\/www.wordfence.com\/privacy-policy\/<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload <code>vulnerability-monitor-for-wordfence-intelligence<\/code> to the <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu.<\/li>\n<li>Open <strong>Vulnerability Monitor for Wordfence Intelligence<\/strong> in the WordPress admin sidebar.<\/li>\n<li>Configure notification email, Wordfence API key, and preferred severity levels.<\/li>\n<li>(Optional) Enable scheduled scans.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20send%20my%20data%20to%20external%20servers%3F\"><h3>Does this plugin send my data to external servers?<\/h3><\/dt>\n<dd><p>The plugin fetches the Wordfence Intelligence feed from Wordfence.<br \/>\nIt does <strong>not<\/strong> upload your installed plugin\/theme inventory or scan results to Wordfence.<\/p><\/dd>\n<dt id=\"does%20it%20slow%20down%20my%20website%3F\"><h3>Does it slow down my website?<\/h3><\/dt>\n<dd><p>No. All scans are manual or scheduled via WP-Cron.<br \/>\nNormal visitors are never affected.<\/p><\/dd>\n<dt id=\"do%20i%20need%20a%20wordfence%20account%3F\"><h3>Do I need a Wordfence account?<\/h3><\/dt>\n<dd><p>Yes. Wordfence Intelligence V3 requires an API key from your Wordfence account.\nYou can create it after signing in at the Integrations page in your Wordfence.com account.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20store%20a%20default%20api%20key%20or%20email%20address%3F\"><h3>Does this plugin store a default API key or email address?<\/h3><\/dt>\n<dd><p>No. The plugin does not ship with any embedded API key or hardcoded email address.\nBy default it uses your site's existing <code>admin_email<\/code> setting until you change it.<\/p><\/dd>\n<dt id=\"does%20this%20replace%20wordfence%3F\"><h3>Does this replace Wordfence?<\/h3><\/dt>\n<dd><p>No. This plugin is not a firewall.<br \/>\nIt is a <strong>lightweight vulnerability monitor<\/strong>.<\/p><\/dd>\n<dt id=\"can%20i%20customize%20the%20email%20template%3F\"><h3>Can I customize the email template?<\/h3><\/dt>\n<dd><p>Yes! Both subject and body support placeholders like <code>{site}<\/code>, <code>{count}<\/code>, <code>{time}<\/code>, <code>{list_html}<\/code>.<\/p><\/dd>\n<dt id=\"can%20agencies%20use%20this%20on%20client%20websites%3F\"><h3>Can agencies use this on client websites?<\/h3><\/dt>\n<dd><p>Absolutely. That\u2019s one of the primary use cases.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.3.9<\/h4>\n\n<ul>\n<li>Stored scan result and operational status options with <code>autoload<\/code> disabled to reduce unnecessary front-end option loading.<\/li>\n<\/ul>\n\n<h4>1.3.8<\/h4>\n\n<ul>\n<li>Replaced inline admin CSS and JavaScript with properly enqueued assets.<\/li>\n<li>Documented the Wordfence external service usage, data flow, and policy links in the readme.<\/li>\n<li>Renamed generic runtime identifiers to stronger <code>wfim<\/code>-prefixed names to reduce conflict risk.<\/li>\n<\/ul>\n\n<h4>1.3.7<\/h4>\n\n<ul>\n<li>Renamed the public plugin package and release metadata for the new WordPress.org naming requirements.<\/li>\n<li>Updated the public slug, text domain, and bundled archive structure to match the new plugin name.<\/li>\n<\/ul>\n\n<h4>1.3.6<\/h4>\n\n<ul>\n<li>Optimized feed matching so scans no longer re-scan the full installed plugin and theme lists for every feed item.<\/li>\n<li>Reduced the risk of 30-second timeouts on larger Wordfence Intelligence v3 feeds.<\/li>\n<\/ul>\n\n<h4>1.3.5<\/h4>\n\n<ul>\n<li>Updated release metadata for the WordPress 7.0 compatibility check.<\/li>\n<li>Bumped the packaged plugin version to 1.3.5.<\/li>\n<\/ul>\n\n<h4>1.3.4<\/h4>\n\n<ul>\n<li>Added an admin confirmation notice after sending a test email.<\/li>\n<li>Improved test email feedback so successful sends are visible immediately in settings.<\/li>\n<\/ul>\n\n<h4>1.3.3<\/h4>\n\n<ul>\n<li>Fixed WordPress.org Plugin Check findings in the admin UI and packaging metadata.<\/li>\n<li>Aligned plugin headers and readme requirements for WordPress.org submission.<\/li>\n<li>Cleaned the release package and removed development-only warnings.<\/li>\n<\/ul>\n\n<h4>1.3.2<\/h4>\n\n<ul>\n<li>Distributed scheduled scans across sites using a stable per-site offset, reducing simultaneous Wordfence API requests.<\/li>\n<li>Re-aligned existing scheduled scans to the new staggered timing after settings updates and plugin load.<\/li>\n<\/ul>\n\n<h4>1.3.1<\/h4>\n\n<ul>\n<li>Added detailed diagnostics for Wordfence feed fetch failures, including HTTP 429 rate-limit hints.<\/li>\n<li>Preserved debug logs for failed scans so API error details remain visible in Scan Summary.<\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Added operational alert emails for scan failures, overdue scheduled scans, and fatal plugin errors.<\/li>\n<li>Added recovery emails when scanning starts working again.<\/li>\n<li>Added throttling to reduce repeat alert spam.<\/li>\n<\/ul>\n\n<h4>1.2.1<\/h4>\n\n<ul>\n<li>Improved the settings UX by moving the API key directly below the feed URL and removing the misleading \"optional\" label.<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Migrated the default vulnerability feed from Wordfence V2 to V3.<\/li>\n<li>Automatically upgrades the legacy V2 endpoint to the V3 endpoint in plugin settings.<\/li>\n<li>Shows a clear admin error when the required Wordfence API key is missing.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Fixed <code>send_only_new<\/code> email logic so only genuinely new findings trigger notifications.<\/li>\n<li>Added feed caching based on the configured cache TTL.<\/li>\n<li>Made scheduled\/manual scan failures return gracefully instead of terminating abruptly.<\/li>\n<li>Fixed the deactivation modal stylesheet.<\/li>\n<\/ul>\n\n<h4>1.0<\/h4>\n\n<ul>\n<li>Initial public release.<\/li>\n<\/ul>","raw_excerpt":"Scans installed WordPress plugins and themes against the Wordfence Intelligence v3 feed and alerts admins about known vulnerabilities.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/305825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=305825"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/interaktivch"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=305825"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=305825"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=305825"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=305825"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=305825"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=305825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}