Protect your sites from hackers and boost performance with Sucuri’s Junior Dev Security Bundle. Get $500 off the Junior Dev Security Bundle now.  

Vulnerabilities

← Back to User Guide

User Guide

Get to know the basics, and a few helpful tips & tricks along the way!

Vulnerabilities

Vulnerabilities tool continuously scans your plugins, themes, and WordPress core using Patchstack and alerts you to threats via dashboard notifications in ManageWP, showing which components are affected, the severity level, and recommended actions. When a vulnerability is detected, you can act on it by updating or removing the affected component directly from your ManageWP dashboard.

If you upgrade to Vulnerability Protection (premium add-on), ManageWP will install the Patchstack Security plugin on your site and automatically activate three security modules: Rapid Mitigation (virtual patches), Advanced Hardening (attack prevention rules), and Community IP Blocklist (blocks malicious IPs), neutralizing threats at the application level even while you’re waiting for an official security update to become available.

Detection is automatically enabled on all sites in your ManageWP dashboard. 

Protection requires activation per site.

New to ManageWP? Here’s how to get started!

  • Find websites with vulnerabilities

    Find vulnerabilities from the Overview tab

    1. In your dashboard, make sure you’re in the Overview tab.
    2. Click the Vulnerabilities widget to see which of your sites have vulnerabilities.
    3. Click a status to see more details:
      • Need Attention — sites with detected vulnerabilities and no active protection.
      • Protected — sites with active Vulnerability Protection.
      • Clean — sites with no detected vulnerabilities.
      • Protection Off — sites where Protection has not been activated.

    Find vulnerabilities from the Websites list

    1. In the left icon sidebar, click Websites.
    2. Find websites marked with an orange triangle.
    3. Click the triangle to go to the Vulnerability Check tool, where you can see more details and update vulnerable plugins or themes.

  • View and examine vulnerabilities

    1. In your dashboard, go to the website you want to examine.
    1. In the left sidebar, click Vulnerabilities.
    1. Click on a vulnerability (or click Expand All) to view its priority, date of detection, status, and more.

    * For additional details, click the external link icon in the Info column to open the entry in Patchstack’s vulnerability database.

  • Upgrade to Vulnerability Protection

    Upgrading to Vulnerability Protection will install the Patchstack Security plugin on your website which is required for the functionality of the tool. Upgrading is only available for sites currently connected to your ManageWP dashboard, that are running WordPress 4.4 or higher. 

    If your site is already registered with Patchstack, you will have to remove it from Patchstack first before upgrading. 

    Upgrade from the Overview tab:

    1. In your dashboard, navigate to the Services widget.
    1. Click on Vulnerabilities
    2. Find sites showing Protection Off status.
    3. Click Enable Protection on the site you want to upgrade.

    Upgrade from an individual site:

    1. In your dashboard, go to the website where you want to upgrade.
    1. On the left sidebar, click Vulnerabilities.
    1. In the top-right corner, click Upgrade, then click Buy add-on.
    1. In a new pop-up, review the activation cost breakdown, then click Activate add-on

  • How to read the results

    The Vulnerabilities tab displays organized tables of all detected vulnerabilities for plugins, themes and WordPress core. You can browse, filter, and examine vulnerabilities from here.

    At a glance, you’ll see the vulnerable components name, the number of vulnerabilities in the current version, the currently installed version as well as the latest available version.

    Expanding a vulnerability will show additional details:

    • The type of vulnerability and how it can exploit your site.
    • Vulnerability priority helps you prioritize and filter vulnerabilities so you can see what needs your attention first.
    • CVSS score which rates how likely a vulnerability is to be exploited on a scale of 0-10.
    • The date the vulnerability was detected, current component version and the closest fixed version.
    • Vulnerability status (Premium)

    Vulnerability priority

    Vulnerabilities tool uses Patchstack’s advanced vulnerability classification to help you prioritize and filter vulnerabilities so you can see what needs your attention first. These ratings are updated in real time as more becomes known about each vulnerability.

    • Low priority: Not currently known to be exploited and do not require virtual patching. Should be addressed within 30 days.
    • Medium priority: Has the potential to be exploited and will receive virtual patch. Should be addressed within 7 days.
    • High priority: Has a high risk of being exploited. Should be addressed immediately upon detection.

    Vulnerability status 

    The Vulnerability status column shows how each threat can be addressed. These statuses are pulled directly from Patchstack and are visible only on websites using the paid Protection add-on.

    • Mitigated: A Patchstack virtual patch has been applied to block exploit attempts until an official update is available. This should not be treated as a permanent fix; An update is still recommended once available. 
    • Mitigation Not Required: The vulnerability is low priority and does not require mitigation.
    • Update Available: An official update is available for this vulnerable component. 
    • Update Not Available: No update is available for this vulnerable component.

Do you need further assistance?

Our guys specialize in making customers happy

Contact our support team
Blue CircleManny Wave