Docs

⌘K
  1. Home
  2. Docs
  3. Site
  4. Security
  5. Vulnerability Scanner

Vulnerability Scanner

The Vulnerability Scanner is a built-in FlyWP feature that continuously monitors your WordPress installation for known security issues. It is available for all Nginx-based WordPress sites and can be accessed directly from the Security tab of the FlyWP dashboard.

This scanner protects your site by automatically detecting vulnerabilities in the WordPress core, installed plugins, and active themes helping you reduce the risk of exploits before attackers can take advantage of them.

How It Works

  1. Automatic Detection
    • Once enabled, the scanner automatically reviews your WordPress installation.
    • It compares installed versions of WordPress, plugins, and themes against a maintained vulnerability database.
    • No manual configuration or input is required from the site owner.
  2. Trusted Data Sources
    • By default, FlyWP uses the Wordfence Intelligence API Database.
    • In some cases, FlyWP may also reference WPScan or Patchstack to enhance coverage and catch vulnerabilities that may not yet be included in a single database.
    • All integrations are handled internally. You don’t need to add API keys or tokens.
  3. Scan Frequency
    • An initial scan begins when the feature is enabled.
    • Automated daily scans can be toggled on or off from the Security tab.
    • Results are updated automatically in the FlyWP dashboard.

Key Features

  • Core Protection
    Scans the WordPress core for outdated or insecure versions.
  • Plugin Protection
    Detects plugins with reported vulnerabilities, including those with remote code execution, SQL injection, cross-site scripting, or privilege escalation risks.
  • Theme Protection
    Identifies themes with known issues that could weaken your site’s security posture.
  • Real-Time Alerts
    Results are shown directly in the FlyWP Security tab so you know which components require updates or patches.
  • Zero Configuration
    No extra setup, no API keys, and no server modifications. FlyWP handles everything.

Benefits

  • Hands-Free Security Monitoring
    FlyWP takes care of scheduling and running scans.
  • Comprehensive Coverage
    Multiple vulnerability databases are used to ensure reliable results.
  • Time-Saving
    Instead of manually checking every plugin or theme, FlyWP automates the process.
  • Reduced Risk Exposure
    Stay ahead of potential attacks by knowing what parts of your site need immediate attention.

Notes

  • Scans may take a few minutes depending on site size and the number of plugins/themes installed.
  • Automated daily scans can be paused if necessary, but continuous scanning is strongly recommended.
  • The Vulnerability Scanner is currently supported for Nginx Sites only.