
Solid Security Pro Feature Spotlight: Site Scan

In the Feature Spotlight posts, we highlight a feature in Solid Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are shining the spotlight on the Solid Security Pro Site Scan, a great feature to secure and protect your website.

SolidWP Editorial Team


Why You Need a Site Scanner for Your WordPress Site

At the end of 2018, hackers were actively taking advantage of an exploit in the WP GDPR Compliance plugin. The exploit allowed unauthorized users—people not logged into a website—to modify the WP user registration settings and change the default new user role from a subscriber to an administrator. Thankfully, the WP GDPR Compliance plugin developers acted fast and released a patch the day after the vulnerability was publicly disclosed.

In the days following the WP GDPR Compliance vulnerability disclosure, we received a flurry of reports from our customers that they were finding new and unexpected administrator users on their websites. Or worse, that their admin user was removed, and as a result, they lost control of their website. Luckily, we knew what the culprit of the attacks was, and we were able to instruct people to remove the new users and update WP GDPR Compliance to version 1.4.3 or above to patch the point of entry and prevent further attacks using the exploit. Unfortunately, some of our customers who lost access to their website didn’t have a WordPress backup to restore from and had to hire a hack repair specialist to regain access to their website.

Receiving a high number of reports of customers’ sites being exploited through the WP GDPR Compliance vulnerability months after the developers released a patch was not something we expected to see. It wasn’t until a full year after the patch was released that we finally stopped receiving regular reports about customers’ sites being hacked via this exploit. In that year, our customers collectively had hundreds of hacked websites that could have been prevented simply by keeping their plugins updated.

The most frustrating thing for me from my time in support was hearing from customers who fell victim to hacks that could have been easily prevented. It made me cringe to think about all of the unnecessary time spent cleaning up hacked sites and all of the difficult conversations informing clients and customers about preventable breaches.

Having a vulnerable plugin or theme for which a patch is available but not applied is the number one culprit of hacked WordPress websites. As we learned earlier, the WP GDPR Compliance vulnerability gave hackers the blueprint they needed to take over any site that didn’t update to version 1.4.3 to patch the point of entry. Talk about rolling out the red carpet.


We knew that our customers didn’t have the time to keep track of every disclosed WordPress vulnerability and compare that list to the versions of plugins and themes they have installed on their sites. So we created a way to automatically protect Solid Security Pro customers from the #1 culprit of hacked WordPress websites.

What Is The Solid Security Pro Site Scan?

The Solid Security Pro Site Scanner is our way to secure and protect your WordPress website from the number one cause of all software hacks. The Site Scanner checks your site for known vulnerabilities and automatically applies a patch if one is available.
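The following added example shows the kind of check described above: comparing installed versions against a list of disclosed vulnerabilities. It is not Solid Security's code; the inventory, the advisory feed format and the `example-*` slugs are constructed for illustration, and only the 1.4.3 fix version comes from this article.

```python
import re
from itertools import zip_longest

# Constructed inventory of installed software; not real scan output.
INSTALLED = [
    {"kind": "plugin", "slug": "wp-gdpr-compliance", "version": "1.4.2"},
    {"kind": "plugin", "slug": "example-forms", "version": "2.10"},
    {"kind": "theme", "slug": "example-theme", "version": "3.1.0"},
]

# Constructed advisory feed. Only the 1.4.3 fix version comes from the article.
ADVISORIES = [
    {"kind": "plugin", "slug": "wp-gdpr-compliance", "fixed_in": "1.4.3",
     "title": "Unauthenticated change of default user role"},
    {"kind": "plugin", "slug": "example-forms", "fixed_in": "2.9.1",
     "title": "Hypothetical issue, already patched on this site"},
    {"kind": "theme", "slug": "example-theme", "fixed_in": None,
     "title": "Hypothetical issue with no patch yet"},
]

def version_key(version):
    """Turn the leading dotted-numeric part of '1.4.3' into (1, 4, 3).
    Assumption: any pre-release suffix such as '-beta' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

def is_older(installed, fixed_in):
    """True if installed < fixed_in, compared numerically (so 2.10 > 2.9.1)
    and zero-padded (so 1.4 == 1.4.0)."""
    pairs = zip_longest(version_key(installed), version_key(fixed_in), fillvalue=0)
    for a, b in pairs:
        if a != b:
            return a < b
    return False

def scan(installed, advisories):
    """Return (slug, installed_version, action) for each item still affected."""
    index = {(i["kind"], i["slug"]): i["version"] for i in installed}
    findings = []
    for adv in advisories:
        current = index.get((adv["kind"], adv["slug"]))
        if current is None:
            continue  # advisory is for software that is not installed
        if adv["fixed_in"] is None:
            findings.append((adv["slug"], current, "no-patch-available"))
        elif is_older(current, adv["fixed_in"]):
            findings.append((adv["slug"], current, "update-to-" + adv["fixed_in"]))
    return findings

if __name__ == "__main__":
    for finding in scan(INSTALLED, ADVISORIES):
        print(finding)
```

Comparing versions as plain strings would wrongly report 2.10 as older than 2.9.1, which is why the comparison is done on numeric components.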

The 3 Types of Vulnerabilities Checked

  1. WordPress Vulnerabilities
  2. Plugin Vulnerabilities
  3. Theme Vulnerabilities

Using the Google Safe Browsing API, the Site Scan also checks your site’s Google blocklist status and will alert you if Google has found any malware on your website. I get so excited when thinking about how the Solid Security Pro Site Scan will save people from spending unnecessary time and money cleaning up hacked websites.

I feel a sense of relief, knowing that the Site Scan will prevent our customers from losing their clients or customers after informing them about a successful hack.

How to Use the Solid Security Pro Site Scan

To get started with Site Scan, navigate to the security settings’ Features menu and enable the Site Scan.

How to Perform a Manual Site Scan

To trigger a manual Site Scan, navigate to the Site Scans page and click the Start Site Scan button.

The Site Scan results will be displayed.

If the Site Scan detects a vulnerability, click the vulnerability link to view the details page.

You will see if there is a fix available for the vulnerability. If there is a patch available, you can click the Update Plugin button to apply the fix on your website.

There can be a delay between when a patch is available and when the Solid Security Vulnerability Database is updated to reflect the fix. In this case, you can mute the notification to not receive any more alerts related to the vulnerability.

Important: You should not mute a vulnerability notification until you have confirmed that your current version includes a security fix or that the vulnerability doesn’t affect your site.

How to Enable Automatic Vulnerability Patching

The Site Scanner integrates with the Solid Security Pro Version Management feature to automatically update vulnerable software when a patch is available.

To enable automatic vulnerability patching, navigate to the security settings’ Features menu, click the Site Check tab, and enable Version Management. After Version Management is enabled, additional settings will appear.

Next, select the checkbox next to the Auto Update If Fixes Vulnerability option in the Version Management settings.

Once enabled, Solid Security Pro will automatically update a plugin or theme if it fixes a vulnerability that was found by the Site Scanner.

Get Solid Security Pro with 24/7 Website Security Monitoring

The Solid Security Pro Site Scan is a powerful tool to protect your WordPress website from the number one culprit of hacked WordPress websites. Solid Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress two-factor authentication, brute force protection, strong password enforcement, and more, you can add extra layers of security to your website.
