The Vulnerabilities Scanner is a part of the Hack Protection module. It is designed to regularly (once daily) scan your list of the installed WordPress plugins and compare their current versions against a list of known plugin vulnerabilities.

What is a "known" plugin vulnerability?

A "known" vulnerability is one that has been publicly identified and is known to exist. 

An "unknown" vulnerability is one that exists but is not publicly known.

What does this scanner not do?

This scanner will not detect the presence of security vulnerabilities in a plugin that are not "known".

What does this scanner do?

When a plugin is discovered that is known to contain a security vulnerability, the plugin will do 2x things:

  1. It will highlight the plugin on the plugins listing page on your WordPress admin
  2. It will send an email once per day (when the cron runs) notifying you for the plugin

The Vulnerabilities Scanner options explanations

Option: Vulnerability Scanner

Here you are able to access the basic scanner settings. The options available are as follows:

  • Scan Disabled: The Vulnerability Scanner will be disabled
  • Enabled - Send Email Notification: Enable scanner and notify me by email

        Note: To see what email address Shield will send notifications to, go to the Dashboard => General Options => Report Email

  • Enabled - No Email Notification: Enable scanner but do not notify me by email

Option: Automatic Updates (of the vulnerable plugins)

When the plugin update becomes available and the Automatic Update option is enabled, the items with known vulnerabilities will be automatically updated. 


If you want to enable this option, check the checkbox. To disable, leave it unchecked.

Option: Highlight Plugins

Vulnerable plugins will be highlighted on the main plugins page (see an example below).

To set this, select one of the options from the drop-down list:

  • Display Disabled: Do not display vulnerable plugins
  • Display Enabled: Display vulnerable plugins
  • Display Only For Security Admin: Vulnerable plugins will be visible to the security admins only


Note: The Vulnerabilities Scanner is available with the Shield Pro only. To find out what the extra features for the Shield Pro are, read the article here.