As part of ongoing efforts to better protect websites running WordPress, this week SiteLock implemented a new feature exclusively for our WordPress customers, called SiteLock Platform Scan for WordPress. Going forward, customers using WordPress on their website will receive a scan that checks for known vulnerabilities in their WordPress plugins, themes and core install.
Platform Scan for WordPress results are accessible from the main Security Summary screen of the SiteLock dashboard, where you can check the status at a glance. Similar to other SiteLock scans, websites with no issues will show a green check mark, while websites with issues will show a red ‘X.’
Websites that have issues, such as those running an older version of WordPress or outdated plugins or themes, will receive a breakdown of vulnerabilities known to be present in the current version. Issues within WordPress are assigned a risk score of Low, Medium, High, Critical or Urgent, with Urgent items carrying the highest risk.
Vulnerabilities can range from cross-site scripting (XSS) and SQL injection (SQLi) to authorization bypass. Each issue is presented with its name, category, severity, a summary, and a more detailed description. For example, when scanning a WordPress website running v3.9.13, the scan report details many serious vulnerabilities.
Platform Scan for WordPress runs daily as part of SiteLock’s 360° Website Malware & Vulnerability Scanning, and requires no additional setup. Customers who already have SiteLock website security that includes 360° Website Malware & Vulnerability Scanning now receive this additional feature at no additional charge.
In WordPress security, knowing you have a vulnerability is half the battle. Taking action to remediate vulnerabilities is the other half. Fortunately, as many WordPressers know, the majority of issues found will likely be resolved by simply updating the WordPress core, plugins and themes. However, most WordPress users don’t regularly check the WordPress.org forums or subscribe to notifications about plugins, so they may not be notified of major security issues that haven’t yet been patched. With the new Platform Scan for WordPress, we are increasing the visibility of security concerns to help you be the most informed WordPress user you can be.