The iThemes Security Pro plugin released an improved way for protecting your sites against software vulnerabilities, the number one culprit of hacked and compromised WordPress sites.
Having software with known vulnerabilities installed on your site gives hackers the blueprints they need to take over your site. It is hard to keep track of every disclosed WordPress vulnerability–we keep track and share them in our WordPress Vulnerability Round Ups–and compare that list to the versions of plugins and themes you have installed on your site.
The improved WordPress Security Site Scan powered by iThemes performs automatic checks for known vulnerabilities installed on your site. And if a patch is available, iThemes Security Pro will now automatically apply the fix for you.
How to Enable Automatic Site Scanning
The Site Scan will be rolling out to existing iThemes Security and iThemes Security Pro users over the next couple of weeks. After receiving the update, the Malware Scan Scheduling module will be upgraded to the new Site Scan Scheduling module. If you had enabled Malware Scan Scheduling, the Site Scheduling would be enabled after upgrading.
To enable the Site Scan on new installs, navigate to the iThemes Security Pro settings and click the Enable button on the Site Scan settings module.
How to Perform a Manual Site Scan
To trigger a manual Site Scan, click the Scan Now button on the Site Scan Widget located on the right side-bar of the security settings.
The Site Scan results will display in the widget.
The Site Scan in Action
The initial version of the iThemes Security Site Scan will notify you if you have any known vulnerabilities (Pro Only) installed, the site’s Google blacklist status and if Google detected malware on your website.
The 3 Types of Vulnerabilities Checked
- WordPress Vulnerabilities
- Plugin Vulnerabilities
- Theme Vulnerabilities
How to Enable Automatic Vulnerability Patching
The Site Scanner integrates with the iThemes Security Pro Version Management feature to automatically update vulnerable software when a patch is available.
To enable automatic vulnerability patching, navigate to the iThemes Security Pro settings and click the Configure Settings button on the Version Management module.
Next click the checkbox next to Auto Update If Fixes Vulnerability option in the Version Management settings.
Once enabled, iThemes Security Pro will automatically update a plugin or theme if it fixes a vulnerability that was found by the Site Scanner.
Why We Are Replacing the Malware Scanner
The key reasons we are moving away from the Malware Scanner to the new iThemes Security Site Scanner are to:
- Provide Better Support
- Develop Improvements
Some time ago, we began receiving a large number of support tickets questioning the validity of the Malware Scanning reports. As we investigated, we noticed that in some cases the scan would fail to connect to customers websites while others would just timeout before the scan was completed.
When we took a deeper look into the Sucuri Malware scanning API we used for the former malware scan, we noticed that it didn’t provide the information actually required to resolve the issues with failed scans. This meant there wasn’t anything we could do to fix these issues.
You shouldn’t run into any problems using the new Site Scanner, but if you do, you will get the level of support you deserve.
The third-party API we previously used to power the malware scan prevented our development team from adding any scan improvements to iThemes Security.
Our plan is to continue adding improvements to the iThemes Security Site Scan to make it the best tool to protect your site.
Planned Site Scanner Improvements
In the coming months, we have a lot of exciting improvements planned for the iThemes Security Site Scanner!
- File Level Malware Scanning – The File Change Scan is getting an upgrade to intelligently identify malware.
- Malware Remediation – If malware is found, iThemes Security Pro will be able to delete or replace the compromised files.
The new iThemes Security Site scanner will notify if Google has identified malware on your site and will automatically scan for and update software with known vulnerabilities.
We are just getting started with the new iThemes Security Site Scanner, and you can expect major improvements in future releases of iThemes Security.