Vulnerabilities

One of the most critical elements of website maintenance is keeping the server, WordPress core, themes and plugins updated. This ensures that the code is up to date and that reported vulnerabilities are fixed. All too often, website owners neglect updates for various reasons, and that can lead to all sorts of problems, including hacked websites and malware taking over.

It is very important to know whether the PHP, WordPress, plugins and themes you use are secure, and whether there are any known and publicly disclosed vulnerabilities related to the versions you use. The Vulnerabilities feature integrates with the WordPress Vulnerability Database and the National Vulnerability Database to get a list of vulnerabilities that may be affecting your website.

The WordPress Vulnerability Database is the best aggregated database of WordPress-related vulnerabilities, with up-to-date information about core, plugins and themes.

The National Vulnerability Database is part of the National Institute of Standards and Technology, and it is maintained by the US Government. It is the most important vulnerabilities database in the world.

This feature has no settings. It is active by default, but you can deactivate it. When active, it updates the vulnerabilities information once a day.

To show all the relevant vulnerabilities data, the plugin adds a new Vulnerabilities panel, where all vulnerabilities that affect the website are listed for WordPress core, plugins and themes.

A few more things to know

  • Vulnerability disclosure follows a strict process, and not all discovered vulnerabilities are immediately public. Software developers are notified and given time to fix the vulnerability before it is published. If the developer doesn’t respond in time, the vulnerability is published even before there is a fix.
  • Over time, something once reported as a vulnerability may later be removed. The most reliable vulnerabilities system is CVE (Common Vulnerabilities and Exposures).
  • There is no guarantee that every vulnerability is discovered and published before it gets exploited in the wild. The reporting and publishing system was created to protect developers and end users, and it is not perfect.
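The kind of check described above, matching installed versions against published advisories, can be sketched as follows. This is an added example, not the plugin's own code or either database's format: the record fields (`slug`, `id`, `fixed_in`, `score`), the slugs and the advisory ids are all constructed assumptions. It handles an advisory published before a fix exists and an advisory with no score.

```python
# Added example: constructed data, not the plugin's code or a real database feed.
from itertools import zip_longest

def parse_version(text):
    """Turn '5.8.1' into (5, 8, 1); a suffix such as '-beta' is ignored."""
    parts = []
    for piece in text.split("-")[0].split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def version_lt(a, b):
    """True when version a is older than b; short versions are padded with zeros."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return x < y
    return False

def affected(installed, advisories):
    """Return (slug, advisory id, score, action) for each advisory that applies."""
    findings = []
    for adv in advisories:
        version = installed.get(adv["slug"])
        if version is None:
            continue  # component is not installed
        fixed_in = adv.get("fixed_in")  # None: published before a fix exists
        if fixed_in is None:
            action = "no fix published yet"
        elif version_lt(version, fixed_in):
            action = "update to " + fixed_in
        else:
            continue  # installed version already contains the fix
        findings.append((adv["slug"], adv["id"], adv.get("score"), action))
    # Highest score first; advisories without a score sort last.
    return sorted(findings, key=lambda f: (f[2] is None, -(f[2] or 0)))

# Constructed inventory and advisory records (hypothetical slugs and ids).
INSTALLED = {"example-forms": "2.3", "example-gallery": "1.10.0", "example-seo": "4.0.2"}
ADVISORIES = [
    {"slug": "example-forms", "id": "EXAMPLE-0001", "fixed_in": "2.3.1", "score": 7.5},
    {"slug": "example-gallery", "id": "EXAMPLE-0002", "fixed_in": "1.9.5", "score": 9.8},
    {"slug": "example-seo", "id": "EXAMPLE-0003", "fixed_in": None},
    {"slug": "example-shop", "id": "EXAMPLE-0004", "fixed_in": "3.0", "score": 6.1},
]

if __name__ == "__main__":
    for finding in affected(INSTALLED, ADVISORIES):
        print(finding)
```

Versions are compared numerically, so 1.10.0 is correctly treated as newer than 1.9.5, which a plain string comparison would get wrong.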

WordPress Integration

Plugins Panel

The plugin can integrate with the WordPress Plugins panel to show which of the plugin versions you use are known to be vulnerable.

Plugins panel integration

For each vulnerable plugin version, you can see the score and severity (if available), and a list of notices and sources. For each source, you can click the link/icon to go to the source website, and the information icon to show a tooltip with the description.

Multisite Network Themes Panel

The plugin can integrate with the Themes panel in the multisite network environment, and it shows information in the same format as for plugins.

Themes panel integration

Due to the limitations of WordPress, there is no way to integrate into the WordPress Appearance Themes panel!

Site Health

All vulnerabilities (PHP, core, plugins, themes) are listed in the Critical Issues block, with links to the main Vulnerabilities panel for more detailed information.

Site Health Integration

Important Information

To learn more about the process of updating your website and server to fix potential vulnerabilities, make sure to continue with this article.
