Receive Email Notification of Security Vulnerabilities in WordPress Plugins

As a webmaster of a WordPress site, the topmost priority is to keep it secure. With thousands of plugins in the WordPress repository, all it takes is just a malformed code in a plugin to bring the whole site down. We have shown you some of the security plugins that you can use to protect yourself, and to bring it further, you can now configure WordPress to send you email notifications when a security vulnerability is found in your WordPress plugins.

Plugin Vulnerabilities is a simple WordPress plugin that actively scans your installed plugins and sends you an email alert when a security vulnerability is found.

The usage is very simple. Once installed, go to “Plugins -> Plugins Vulnerabilities” to configure the settings.

On the settings page it shows you a list of vulnerabilities found in your existing installed plugins and also known vulnerabilities for the past versions of existing plugins.

plugins-vulnerabilities-list

For every vulnerability found it will come with a link to a site where you can read more information about it.

At the bottom of the Settings page, there is a drop-down field where you can enable an email alert when a security vulnerability is detected. Just change the drop-down to “Enabled” and click “Save Changes.”

plugins-vulnerabilities-enable-email-alert

It will now send you email notifications when it detects security vulnerabilities in your plugins.

To test it out, I downloaded version 1.5.5.1 of WordPress SEo (it has been renamed to Yoast SEO) that is known to have a cross-site scripting vulnerability. And this is what I see on the Plugins page:

plugins-vulnerabilities-detected-vulnerability

Note: Plugin vulnerabilities currently covers 345 vulnerabilities and will be updated as more vulnerabilities are uncovered.

If you received an email alert from Plugin Vulnerabilities, the first thing to do is to quickly update the plugin to the latest version. If it is already the latest version, and there is no fix from the developer, you will need to deactivate the plugin and look for a better, safer alternative.

If you tend to not bother too much with your WordPress setup, and/or you have not enabled the automatic background update for plugins, this will be a useful plugin for you as it keeps you alerted on the security vulnerabilities of your site. Let us know if you find this useful.