New WPScan Security Features: What It Means for WordPress VIP Customers

WordPress VIP is the most secure place to run WordPress. 

We continuously make security enhancements to our platform, ensuring that the CMS that powers more than 40% of the web meets the stringent needs of the most security-conscious customers. 

Recently, our parent company Automattic acquired WPScan, which monitors a database of 37,609 known WordPress vulnerabilities. 

We’re excited to announce new ways we’ve incorporated this market-leading technology into our WordPress VIP Codebase Manager, improving our security posture with enhanced detection and remediation. In addition to continuous monitoring of existing plugins and themes, customers will receive alerts for potential vulnerabilities whenever new WordPress themes or plugins are added.  

Get started with plugin vulnerability scanning

WordPress VIP customers can access these features via the VIP Dashboard, at Codebase > Plugins. You’ll have visibility on:

• Plugins installed in your environment
• Known security vulnerabilities for WordPress plugins and themes
• Available updates 

These new capabilities also let you create plugin update pull requests on demand, with just a few clicks. 

Better, more proactive protection

This integrated workflow will alert customers when they try to add a new WordPress plugin or WordPress theme with known vulnerabilities to their GitHub source repository via pull requests. It will also alert customers when obsolete WordPress plugins/themes are added.

Our improved security empowers customers to add new WordPress plugins or themes with more confidence, knowing they’ve been scanned for vulnerabilities and threats before deployment.