The Vulnerability Scanner is a built-in FlyWP feature that continuously monitors your WordPress installation for known security issues. It is available for all Nginx-based WordPress sites and can be accessed directly from the Security tab of the FlyWP dashboard.
This scanner protects your site by automatically detecting vulnerabilities in the WordPress core, installed plugins, and active themes helping you reduce the risk of exploits before attackers can take advantage of them.
How It Works
- Automatic Detection
- Once enabled, the scanner automatically reviews your WordPress installation.
- It compares installed versions of WordPress, plugins, and themes against a maintained vulnerability database.
- No manual configuration or input is required from the site owner.
- Once enabled, the scanner automatically reviews your WordPress installation.
- Trusted Data Sources
- By default, FlyWP uses the Wordfence Intelligence API Database.
- In some cases, FlyWP may also reference WPScan or Patchstack to enhance coverage and catch vulnerabilities that may not yet be included in a single database.
- All integrations are handled internally. You don’t need to add API keys or tokens.
- By default, FlyWP uses the Wordfence Intelligence API Database.
- Scan Frequency
- An initial scan begins when the feature is enabled.
- Automated daily scans can be toggled on or off from the Security tab.
- Results are updated automatically in the FlyWP dashboard.
- An initial scan begins when the feature is enabled.
Key Features
- Core Protection
Scans the WordPress core for outdated or insecure versions. - Plugin Protection
Detects plugins with reported vulnerabilities, including those with remote code execution, SQL injection, cross-site scripting, or privilege escalation risks. - Theme Protection
Identifies themes with known issues that could weaken your site’s security posture. - Real-Time Alerts
Results are shown directly in the FlyWP Security tab so you know which components require updates or patches. - Zero Configuration
No extra setup, no API keys, and no server modifications. FlyWP handles everything.
Benefits
- Hands-Free Security Monitoring
FlyWP takes care of scheduling and running scans. - Comprehensive Coverage
Multiple vulnerability databases are used to ensure reliable results. - Time-Saving
Instead of manually checking every plugin or theme, FlyWP automates the process. - Reduced Risk Exposure
Stay ahead of potential attacks by knowing what parts of your site need immediate attention.
Notes
- Scans may take a few minutes depending on site size and the number of plugins/themes installed.
- Automated daily scans can be paused if necessary, but continuous scanning is strongly recommended.
- The Vulnerability Scanner is currently supported for Nginx Sites only.