Enterprise security controls
for WordPress

Vulnerability scanning

WordPress VIP has several methods for detecting vulnerabilities, including an implementation of WPScan into our own Vulnerability and Update Scan technology. 

Vulnerability and update scans are intended to detect security issues and available version updates before plugins and themes are deployed. Once Plugins are deployed, they are frequently scanned for known vulnerabilities and available updates. Any issues and updates found will be reported in the Plugins panel of the VIP Dashboard.

To assist with plugin vulnerability management and provide you additional time to implement critical patches, our engineering teams monitor when a high severity vulnerability is announced for the top plugins in our ecosystem and take steps at the platform level to mitigate them. 

WordPress VIP also scans and maintains infrastructure and platform level software, insulating your applications with protections built on our systems. This container vulnerability scanning and audit logging mitigates threats for servers and host software. 

VIP Code Analysis Bot

The VIP Code Analysis Bot automatically analyzes code pushed to customer applications. These scans surface information on potential vulnerabilities in customer applications, streamlining security governance while offering advanced customizations around bot behavior, type of code scanned, and auto approval configurations. This helps customers maintain the quality of the code submitted and ensures the security and stability of WordPress sites hosted on the VIP Platform. 

The VIP Code Analysis Bot is composed of a series of powerful scanners to manage specific vulnerabilities and internal APIs. Capabilities include PHPCS analysis, PHP linting, SVG analysis, and Vulnerability and Update Scan with WPScan. 

Logging and auditing

WordPress VIP empowers customers to analyze and investigate security issues in real-time with robust logging and auditing. Our platform logs activity at the application, web server, load balancer, database, and operating system layers so you have granular security visibility at every level of your application. 

The Audit Log panel in the VIP Dashboard provides visibility into what is happening in an organization or an application. An audit trail of all management actions on the platform allows compliance with internal and external regulatory standards, and provides insight for debugging, security, and incident investigation. 

Security and penetration testing

WordPress VIP battle tests its platform for security so you can be confident we’re prepared for the myriad of security threats propagating on the web. We perform regular internal security testing and engage with third parties to perform platform vulnerability assessments.

This includes continuous penetration testing on our infrastructure for vulnerabilities. In every attack vector, our expertise can help you keep your application safe. 

Software Management

WordPress VIP also assists with vulnerability management by providing facilitated core WordPress updates. We alert all customers of upcoming WordPress updates and make sure you are on the latest secure version of the platform.  

Additionally, we provide customers with the flexibility to switch between PHP, mu-plugins, and Node versions without the need to contact our support teams. This can help prevent languishing outdated software from becoming an easy point of attack for malicious activity.

WordPress VIP also monitors regular security patches for WordPress Core. Because WordPress VIP is managed by active members of the WordPress community, when an issue arises, we can offer a headstart for patching it ahead of the fix getting pushed to WordPress Cre code.

From WordPress Core, PHP, MySQL, to Memcached, WordPress VIP helps your team to facilitate software management. Each rollout of new software is meticulously planned, and we provide rigorous testing to ensure airtight security and uptime throughout.