The mission of iThemes Security is to make WordPress security simple. We’re here to provide the most effective and cutting-edge website security measures freely available to everyone, in one easy-to-use plugin.
In the latest release of the free iThemes Security plugin, we’re continuing our commitment to make the best security tools available to the WordPress community.
iThemes Security Pro’s most popular and powerful feature is now free in iThemes Security 8.1! With the addition of the iThemes Security Site Scan, you can protect your site against the #1 culprit of hacked WordPress sites: vulnerable plugins, themes, and WordPress core versions.
So let’s take a close look at the iThemes Security Site Scan and how it makes your site even more secure against potential hacks.
Why Vulnerability Protection is Critical To Securing Your Site From Hackers
We know how hard it is to keep track of every disclosed vulnerability in WordPress plugins, themes, and WordPress core. You shouldn’t have to worry about vulnerabilities, especially when patches are released to fix the issue.
That’s why we keep track and share new WordPress vulnerabilities in our weekly WordPress Vulnerability Reports. The iThemes Security plugin then compares the list to the versions of plugins and themes you have installed on your site, so you can always know if you are running a version of a plugin, theme, or WordPress core that has a known vulnerability.
Why are software vulnerabilities the #1 cause of all hacks, including WordPress? Because hackers are lazy. They don’t want to work hard.
A security vulnerability gives hackers the blueprints they need to take over your site. To make matters scarier, the no-code movement extends to would-be bad guys. There are automated tools designed to find and exploit known vulnerabilities removing the previously required coding skill needed to hack sites. There is no guy in a basement. Bots do the work while the hacker is out doing something else fun.
Most hackers aren’t actively searching for new security vulnerabilities and writing code to exploit them. Instead, they wait for developers to responsibly disclose a vulnerability in their software. The good news is that developers release a patch that fixes the vulnerability along with the disclosure.
All you need to do is update to secure your site against the vulnerability. But, hackers target patched vulnerabilities because they know people don’t always update (this includes the plugins and themes on your website).
iThemes Security Site Scan: Your Shield Against Vulnerabilities and Potential Hacks
The iThemes Site Scanner checks WordPress sites for over 26,000 vulnerabilities. It doesn’t matter if you follow all of the WordPress security best practices, if you have 1 of the tens-of-thousands vulnerabilities, your site is at serious risk. That is what makes software vulnerabilities so dangerous and scary.
The iThemes Security Site Scan is our way to secure and protect your WordPress website from vulnerabilities. The Site Scan checks your site for known vulnerabilities and automatically sends a notification when one is found. I want to really emphasize this, iThemes Security now alerts you when your site is at increased risk of being hacked.
The 3 Types of WordPress Vulnerabilities Checked By the Site Scan
- WordPress Core Vulnerabilities
- Plugin Vulnerabilities
- Theme Vulnerabilities
Additionally, using the Google Safe Browsing API, the Site Scan also checks your Google’s blocklist status and will alert you if Google has found any malware on your website.
How to Use the iThemes Security Site Scan
To get started with iThemes Security’s Site Scan, navigate to the security settings’ Features menu. Click the Site Check tab. Enable the Site Scan.
After enabled, the Site Scan will automatically scan for vulnerabilities in your plugins, themes, and WordPress core, and check your site’s blocklist status twice a day.
How to Perform a Manual Site Scan
You also have the option to perform a manual scan from the Security Dashboard. Click the Security > Dashboard to view your security dashboard. From the Site Scans card, you can view a history of completed scans and trigger a new scan by clicking the Scan Now button.
After the scan is complete, a popup will display the results. In the popup, click Show Details to view the vulnerable software on your site.
Selecting a vulnerability from this list will take you to its Site Scan vulnerability page.
On the Site Scan vulnerability page, you will find all the information you need to know about the vulnerability.
You’ll be able to view this information about the vulnerability:
- Date of Scan – The date the scan ran.
- Vulnerabilities – Displays the name of the affected plugin or theme, affected versions, and the vulnerability type.
- Mute Vulnerability Notification – There can be a delay between when a patch is available and the iThemes Security Vulnerability Database getting updated to reflect the fix. In this case, you can mute the notification to not receive any more alerts related to the vulnerability. Important: You should not mute a vulnerability notification until you have confirmed your current version includes a security fix, or the vulnerability doesn’t affect your site.
- Vulnerability Score – The CVSS score is used to give you an idea of how severe the vulnerability is.
- Update – When available, you can click the Update button to update and apply the security patch to the vulnerable software.
- Vulnerability Status – The vulnerability status lets you know whether or not the developer has released a security patch.
- Refrence Links – You can use the reference links to learn more about the vulnerability.
- Vulnerability Timeline – The vulnerability timeline is the history of when the vulnerability was reported, publicly published, and the last time it updated in the vulnerability database.
Get Email Updates When iThemes Security Finds a Vulnerability On Your Site
The Site Scan can send you an email if it discovers an issue or has repeated difficulty conducting the scan. To enable this email notification, head over to the Notifications settings menu in your iThemes Security Pro plugin menu.
iThemes Security Pro gives you the ability to customize who gets this email notification (which is super helpful if you manage sites for clients.)
Now, anytime iThemes Security finds a vulnerability in one of your plugins, themes, or WordPress core, you’ll get an email. From this email, you can view the report details.
Don’t Want to Manually Update? Add More Power to Site Scan with Automatic Vulnerability Patching in iThemes Security Pro
Automatically updating vulnerable plugins, themes, and WordPress core removes the increased risk of a hacker compromising your site. The Site Scan Pro integrates with iThemes Security Pro’s Version Management feature to automatically update vulnerable software when a security patch is available in a vulnerable plugin, theme, or WordPress core version.
Once enabled, iThemes Security Pro will automatically update a plugin or theme if it fixes a vulnerability found by the Site Scanner.
To enable automatic vulnerability patching, you’ll need iThemes Security Pro. Navigate to the security settings’ Features menu and enable Version Management. After Version Management is enabled, click the settings cogwheel.
Next, click the checkbox next to Auto Update If Fixes Vulnerability option in the Version Management settings.
Wrapping Up: Vulnerable Software is Your Website’s Biggest Threat. Let’s Fix That Today.
Having just 1 of the over 26,000 known WordPress core, plugin, or theme vulnerabilities significantly increases the odds that a hacker’s attack will be successful. The good news is that iThemes Security Site Scan alerts you when your site is at its most vulnerable. As a result, you can sleep better knowing that your site is shielded against the biggest threat to your WordPress site.
You can get even more protection against WordPress vulnerabilities when upgrading to iThemes Security Pro. The iThemes Site Scan Pro will automatically update and apply security patches to vulnerable software when available.
Get iThemes Security Pro with 24/7 Website Security Monitoring
iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add extra layers of security to your website.