Best way to get informed about vulnerabilities?

I’m hosting 130+ Wordpress sites. To get this sites safe I’ve been using different tools. But the most important way to get safe is to fast update vulnerabilities. Therefore, I need to get informed about them as fast as possible.
Meanwhile, Ninja Firewall, which I install on all my sites, informs also about critical vulnerabilities, but I suppose they only monitor the most used ones. Additionally, I installed Virusdie over the Mainwp Dashboard. But in the free version it scans only once a week.
Most of my customers have a small business, so the pro versions of the most security tools are far to expensive for them. So I have to try to use free or cheap toosl.
I regularly look at WordPress Vulnerability Database - Patchstack.

What do you use to get informed ?

1 Like

I use WordFence in combination with the Vulnerability Checker extension (I have a plan with wpscan)

Thanks alainL.

WPScan is a good solution, but too expensive when having many websites to check. They had a newsletter informing about vulnerbilities, I read. But now it seems not to work anymore.

You can pay for the daily WP Scan notification, only 5 euros per month. At least, you get a daily notification of which plugins or themes have a security issue. Not ideal but a good start…

I second Wordfence. I receive emails from them about big issues that I can then use MainWP or command line searches on the server to find sites that need to be protected.

For the most part, Wordfence protects against most of the serious threats out of the box. When something big comes up, they add it to their firewall. The free version waits a month for firewall updates, but I have never had any sites hacked (I host about 75 with 44 in MainWP). Simply keeping plugins and themes up to date is 99% of keeping Wordpress secure.

1 Like

Wordfence for me too.
I install the free plugin on all the sites I build.
Wordfence are actively looking for vulnerabilities which they report via email and their blof when they find a fix and set a new rule for Pro uses.
This allows me to run a search for the vulnerable plugin on my sites in MainWP and update the vulnerable plugin if any are found.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.