Solid Security Pro – Site Scan
In this Feature Spotlight post, we highlight Site Scan, a key feature in Solid Security Pro. We'll share why we developed the feature, who it is for, and how to use it. Why you need a site scanner for your WordPress site The decision to develop this feature started several years ago in response to a significant vulnerability.
In this Feature Spotlight post, we highlight Site Scan, a key feature in Solid Security Pro. We’ll share why we developed the feature, who it is for, and how to use it.
Why you need a site scanner for your WordPress site
The decision to develop this feature started several years ago in response to a significant vulnerability. In late 2018, hackers were actively taking advantage of an exploit in the WP GDPR Compliance plugin. The exploit allowed unauthorized users—people not logged into a website—to modify the WP user registration settings and change the default new user role from a subscriber to an administrator. Thankfully, the WP GDPR Compliance plugin developers acted fast and released a patch for the day after the vulnerability was publicly disclosed.
In the days following the WP GDPR Compliance vulnerability disclosure, we received a flurry of reports from our customers that they were finding new and unexpected administrator users on their websites. Or worse, that their admin user was removed, and as a result, they lost control of their website. Luckily, we knew what the culprit of the attacks was, and we were able to instruct people to remove the new users, and update WP GDPR Compliance to version 1.4.3 or above to patch the point of entry and to prevent further attacks on the exploit. Unfortunately, some of our customers that lost access to their website didn’t have a WordPress backup to restore from and had to hire a hack repair specialist to regain access to their website.
Receiving a high number of reports of customers sites being exploited by WP GDPR Compliance vulnerability months after they released a patch was not something we anticipated. It wasn’t until a full year after the patch was released that we finally stopped receiving regular reports about customer’s sites being hacked via this exploit. In that year, our customers collectively had hundreds of hacked websites that could have been prevented simply by keeping their plugins updated.
The most frustrating thing for me in leading the support team was hearing from customers who fall victim to hacks that could have been easily prevented. It made me cringe to think about all of the unnecessary time spent cleaning up hacked sites. Our team also had a lot of difficult conversations with clients and customers about preventable breaches. Ben Meredith, Director of Technical Support, SolidWP
Having a vulnerable plugin or theme for which a patch is available but not applied is the number one culprit of hacked WordPress websites. As we learned earlier, the WP GDPR Compliance vulnerability gave hackers the blueprint they needed to take over any site that didn’t update to version 1.4.3 to patch the point of entry. Talk about rolling out the red carpet.
We knew that our customers didn’t have the time to keep track of every disclosed WordPress vulnerability and compare that list to the versions of plugins and themes installed on their site(s). So we created a way to automatically protect themes Security Pro customers from the #1 culprit of hacked WordPress websites.
What is the Solid Security Pro Site Scan?
The Solid Security Pro Site Scanner is our way to secure and protect your WordPress website from the number one cause of all software hacks. The Site Scanner checks your site for known vulnerabilities and automatically applies a patch if one is available.
Types of vulnerabilities checked
- WordPress vulnerabilities
- Plugin vulnerabilities
- Theme vulnerabilities
Using the Google Safe Browsing API, the Site Scan also checks your Google’s blocklist status and will alert you if Google has found any malware on your website. The Solid Security Pro Site Scan will save people from spending unnecessary time and money cleaning up hacked websites. It also prevents our customers from losing their clients or customers after informing them about a successful hack.
How to use the Solid Security Pro Site Scan
To get started with Site Scan, navigate to the security settings’ Features menu, click on the Site Check tab, and enable Scheduled Site Scan.
How to perform a manual Site Scan
To trigger a manual Site Scan, navigate to the Site Scans page and click the Start Site Scan button.
The Site Scan results will be displayed.
If the Site Scan detects a vulnerability, click the vulnerability link to view the details page.
You will see if there is a fix available for the vulnerability. If there is a patch available, you can click the Update Plugin button to apply the fix on your website.
There can be a delay between when a patch is available and when the Solid Security Vulnerability Database is updated to reflect the fix. In this case, you can mute the notification to not receive any more alerts related to the vulnerability.
Important: You should not mute a vulnerability notification until you have confirmed your current version includes a security fix or if the vulnerability doesn’t affect your site.
How to enable automatic vulnerability patching
The Site Scanner integrates with the Solid Security Pro Version Management feature to automatically update vulnerable software when a patch is available.
To enable automatic vulnerability patching, navigate to the security settings’ Features menu, click the Site Check tab, and enable Version Management. After Version Management is enabled, additional settings will appear.
Next, click the checkbox next to Auto Update If Fixes Vulnerability option in the Version Management settings.
Once enabled, Solid Security Pro will automatically update a plugin or theme if it fixes a vulnerability that was found by the Site Scanner.
Get Solid Security Pro with 24/7 website security monitoring
The Solid Security Pro Site Scan is a powerful tool to protect your WordPress website from the number one culprit of hacked WordPress websites. Solid Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With two-factor authentication, brute force protection, strong password enforcement, and more, you can add extra layers of security to your website.
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Get started with confidence — risk free, guaranteed
