Running your site using WordPress plugins that have been abandoned is an unnecessary risk. 


To learn what abandoned plugins are and problems that they might represent for you., read this blog article here.

What is the Abandoned Plugin Scanner?

The Abandoned Plugin Scanner is a part of the Hack Guard module. It detects and alerts to presence of abandoned plugins.


The options available are as follows:

  • Enable scanner and receive email notifications on abandoned plugins on your site
  • Enable scanner without email notifications
  • Disable scanner

When the scanner is enabled, it'll monitor your site for plugins that have been abandoned by their authors and are no longed maintained. This means that in at least 2 years:

  • there have been no bug fixes
  • there has been no adjustment to the code to account for changes in the WordPress core
  • there have been no code enhancements
  • if vulnerabilities were discovered, then they haven’t been patched


Note: Many paid plugins for WordPress that were not listed on nor purchased through WordPress.org, may only be updated by signing into the author’s site. While often kept up and current for many years, updates are only known by checking in to the site purchased from.

Because of this reason, the abandoned plugins scanner only works with WordPress.org plugin as we can't automatically determine the last update time for premium plugins.


Hint: Before you enable this scanner, you might also want to

  • Review your daily scan frequency settings
  • Specify how long the automated scans should wait before repeating a notification about an item.
  • Specify if scanner notification emails will include a summary list of all affected files or not.

Read more about this here.

How does the Abandoned Plugin Scanner work?

For better explanation on how this scanner works, we'll use an example. 


Let's say you enabled the scanner and set to receive email notifications, and you have the following abandoned plugin installed on your site:

WP Socially Related (v1.0)


If you go to the Shield Security Dashboard => Scans, you'll see a notice that the scanner has automatically detected this plugin. All you need to do is to click a scan to see its results:

Then, you'll see the following details:

  • The name/version of the abandoned plugin
  • When this plugin has been abandoned
  • Time/date when the plugin has been detected by the scanner


Upon reviewing plugin details, you can ignore the notice and so Shield wont tell you about them again:

Or you can take the opportunity to get proactive. You can either replace the plugin if you need the functionality, or remove it altogether.


You will also receive email notifications on this abandoned plugin. The email subject will be...

[your-site-xxx] Warning - Abandoned Plugin(s) Discovered On Your Site.


... and you'll see something like this:

You can also run scanner directly from there.


Note: If you would like to know when a scan last run, you may do so in the Recent Events Log section of the Shield Security Dashboard:

Please note that the Abandoned Plugin Scanner is available with Shield Pro only. To find out what the extra features for Shield Pro are, read the article here.