Site Vulnerability Scan
WordPress Toolkit can now regularly scans active plugins, themes, and WordPress versions to identify known vulnerabilities, using information provided by our friendly partners at Patchstack. Before we go further into the details of this feature, let’s quickly go through some numbers to understand how much of a game changer this really is:
First of all, WordPress is used on roughly 43% of all sites on the internet, and the figure is goes up to 65% for sites made on a CMS (content management system). These figures are constantly growing, meaning that WordPress is becoming an even bigger target for hackers every day. Case in point:
- Cybercrime is up 600% due to the COVID-19 pandemic
- Over 18 million websites are infected with malware each week
- 25% of top WordPress plugins are flagged with critical vulnerabilities
- 60% of data breach victims said they were breached due to an unpatched known vulnerability where the patch was not applied
We can go on and on quoting various security-related stats, but the point is clear: addressing vulnerabilities is arguably the most important thing you can do for your site.
To make the internet a safer place for all, WordPress Toolkit is now introducing an automated vulnerability scan. Every hour we’re examining the Patchstack database to identify whether there’s a new vulnerability reported. Every hour we are verifying if there are any plugins, themes, or WordPress sites on a given server with known vulnerabilities. Once a vulnerability is detected, WordPress Toolkit will mark the site in the interface, letting site admins know they should take action. Since a picture is worth a thousand words, the screenshots below tell the story for us.
This is what site admins will see when they access WordPress Toolkit and one of their sites has a known vulnerability:
