The Vulnerability Scanner is a built-in FlyWP feature that continuously monitors your WordPress installation for known security issues. It is available for all WordPress sites and can be accessed directly from the Security tab of the FlyWP dashboard.
This scanner protects your site by automatically detecting vulnerabilities in the WordPress core, installed plugins, and active themes helping you reduce the risk of exploits before attackers can take advantage of them.
How It Works
- Automatic Detection
- Once enabled, the scanner automatically reviews your WordPress installation.
- It compares installed versions of WordPress, plugins, and themes against a maintained vulnerability database.
- Trusted Data Sources
- By default, FlyWP uses the Wordfence Intelligence API Database.
- In some cases, FlyWP may also reference WPScan or Patchstack to enhance coverage and catch vulnerabilities that may not yet be included in a single database.
- Scan Frequency
- An initial scan begins when the feature is enabled.
- Automated daily scans can be toggled on or off from the Security tab.
- Results are updated automatically in the FlyWP dashboard.
Key Features
- Core Protection: Scans the WordPress core for outdated or insecure versions.
- Plugin Protection: Detects plugins with reported vulnerabilities, including those with remote code execution, SQL injection, cross-site scripting, or privilege escalation risks.
- Theme Protection: Identifies themes with known issues that could weaken your site’s security posture.
- Real-Time Alerts: Results are shown directly in the FlyWP Security tab so you know which components require updates or patches.
Notes
- Scans may take a few minutes depending on site size and the number of plugins/themes installed.
- Automated daily scans can be paused if necessary, but continuous scanning is strongly recommended.
How to Use the FlyWP Vulnerability Scanner
How to Configure API Credentials
The first step to setting up a vulnerability scanner is to set API provider and token:
- Open your site and go to the wp-config page.
- Edit wp-config and look for the following settings: VULN_API_PROVIDER and VULN_API_TOKEN.
- The available options for VULN_API_PROVIDER are patchstack, wordfence, and wpscan. By default, it is set to wordfence.
- If you don’t see these settings, you can add them manually.
- We suggest using a wpscan or patchstack API key. Add your API key to VULN_API_TOKEN and update the provider (VULN_API_PROVIDER) if needed.
- Click save. Your vulnerability check will then work with your custom configuration.
Running a vulnerability scanner
- Access the Security Tab
- Log in to your FlyWP dashboard.
- Navigate to the Security tab for your WordPress site.
- Enable Scanning
- The initial scan begins automatically when the feature is enabled.
- Results are immediately updated in the FlyWP dashboard.
- Manage Daily Scans (Optional)
- From the Security tab, you can toggle the automated daily scans on or off. Continuous scanning is strongly recommended for reduced risk exposure.
- View Alerts
- Real-time alerts and results are shown directly in the Security tab, allowing you to quickly identify components that require updates or patches.
The Vulnerability Scanner is a hands-free, built-in feature of FlyWP that continuously monitors your WordPress installation for known security issues across your WordPress core, installed plugins, and active themes.
