Running your site using WordPress plugins that have been abandoned is an unnecessary risk.
To learn what abandoned plugins are and problems that they might represent for you., read this blog article here.
What is the Abandoned Plugin Scanner?
The Abandoned Plugin Scanner is a part of the Hack Guard module. It detects and alerts to presence of abandoned plugins.
This scanner can be found under the Hack Guard module => Vulnerabilities. Here you can enable scanner and receive email notifications on abandoned plugins on your site.
When the scanner is enabled, it'll monitor your site for plugins that have been abandoned by their authors and are no longed maintained. This means that in at least 2 years:
- there have been no bug fixes
- there has been no adjustment to the code to account for changes in the WordPress core
- there have been no code enhancements
- if vulnerabilities were discovered, then they haven’t been patched
Note: Many paid plugins for WordPress that were not listed on nor purchased through WordPress.org, may only be updated by signing into the author’s site. While often kept up and current for many years, updates are only known by checking in to the site purchased from.
Because of this reason, the abandoned plugins scanner only works with WordPress.org plugin as we can't automatically determine the last update time for premium plugins.
Hint: Before you enable this scanner, you might also want to
- Review your daily scan frequency settings
- Specify how long the automated scans should wait before repeating a notification about an item.
- Specify if scanner notification emails will include a summary list of all affected files or not.
How does the Abandoned Plugin Scanner work?
For better explanation on how this scanner works, we'll use an example.
Let's say you enabled the scanner and set to receive email notifications, and you have the following abandoned plugin installed on your site:
WP Socially Related (v1.0)
If you go to the Shield Security Dashboard => Scans section, you'll see a notice that the scanner has automatically detected this plugin. All you need to do is to click a scan to see its results.
Then, you'll see the following details:
- The name/version of the abandoned plugin
- When this plugin has been abandoned
- Time/date when the plugin has been detected by the scanner
Upon reviewing plugin details, you can ignore the notice and so Shield wont tell you about them again:
Or you can take the opportunity to get proactive. You can either replace the plugin if you need the functionality, or remove it altogether.
Note: If you would like to know when a scan last run, you may do so in the Overview section of the Shield Security Dashboard => Recent Events Log: