The Vulnerabilities Scanner is a part of the Hack Guard module. It is designed to regularly (once daily) scan your list of the installed WordPress plugins and compare their current versions against a list of known plugin vulnerabilities

What is a "known" plugin vulnerability?

A "known" vulnerability is one that has been publicly identified and is known to exist. 

An "unknown" vulnerability is one that exists but is not publicly known.

What does this scanner not do?

This scanner will not detect the presence of security vulnerabilities in a plugin that are not "known".

What does this scanner do?

When a plugin is discovered that is known to contain a security vulnerability, the plugin will do 2x things:

  1. It will highlight the plugin on the plugins listing page on your WordPress admin
  2. It will send an email once per day (when the cron runs) notifying you for the plugin

The Vulnerabilities Scanner options explanations

Option: Vulnerability Scanner

Here you are able to access the basic scanner settings. The options available are as follows:

  • Scan Disabled: Scanner disabled
  • Enabled - Send Email Notification: Enable scanner and notify me by email

        Note: To see what email address Shield will send notifications to, go to the General module => Plugin defaults => Report Email.

  • Enabled - No Email Notification: Enable scanner but do not notify me by email

Option: Automatic Updates (of the vulnerable plugins)

When the plugin update becomes available and the Automatic Update option is enabled, the items with known vulnerabilities will be automatically updated. 

If you want to enable this option, click the slider.

Option: Highlight Plugins

To set options, select one of the options from the drop-down list:

  • Display Disabled: Do not display vulnerable plugins
  • Display Enabled: Display vulnerable plugins
  • Display Only For Security Admin: Vulnerable plugins will be visible to the security admins only

For example, if you enable display, vulnerable plugins will be highlighted on the main plugins page:

Note: You can run this scanner from within Shield Security Dashboard => Scans section. 

The Vulnerabilities Scanner also has Scan Indicator feature integrated. This feature indicates the last time that a scan was run successfully. Read more here.

Note: The Vulnerabilities Scanner is available with the Shield Pro only. To find out what the extra features for the Shield Pro are, read the article here.