Plesk WordPress Toolkit 5.8 is now available. This release comes with the biggest game-changing feature of the year – the Site Vulnerability Scan. Let’s have a look at why we’re so excited about this feature going forward:
Site Vulnerability Scan
WordPress Toolkit can now regularly scan active plugins, themes, and WordPress versions to identify known vulnerabilities, using information provided by our friendly partners at Patchstack. Before we go further into the details of this feature, let’s quickly go through some numbers to understand how much of a game changer this really is:
First of all, WordPress is used on roughly 43% of all sites on the internet, and the figure goes up to 65% for sites made on a CMS (content management system). These figures are constantly growing, meaning that WordPress is becoming an even bigger target for hackers every day. Case in point:
- Cybercrime is up 600% due to the COVID-19 pandemic
- Over 18 million websites are infected with malware each week
- 25% of top WordPress plugins are flagged with critical vulnerabilities
- 60% of data breach victims said they were breached due to an unpatched known vulnerability where the patch was not applied
We can go on and on quoting various security-related stats, but the point is clear: addressing vulnerabilities is arguably the most important thing you can do for your site.
To make the internet a safer place for all, WordPress Toolkit is now introducing an automated vulnerability scan. Every hour we’re examining the Patchstack database to identify whether there’s a new vulnerability reported. Every hour we are verifying if there are any plugins, themes, or WordPress sites on a given server with known vulnerabilities. Once a vulnerability is detected, WordPress Toolkit will mark the site in the interface, letting site admins know they should take action. Since a picture is worth a thousand words, the screenshots below tell the story for us.
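The matching step described above, sketched as an added example (not Plesk's or Patchstack's code). The advisory records, the site inventory and all field names are constructed for illustration and are not Patchstack's real schema.

```python
import re

# Constructed advisories; fixed_in=None means no patched release exists yet.
ADVISORIES = [
    {"type": "core", "slug": "wordpress", "fixed_in": "6.0.3", "title": "Open redirect"},
    {"type": "plugin", "slug": "example-forms", "fixed_in": "5.10", "title": "Stored XSS"},
    {"type": "plugin", "slug": "example-gallery", "fixed_in": None, "title": "SQL injection"},
    {"type": "plugin", "slug": "example-slider", "fixed_in": "1.2", "title": "CSRF"},
    {"type": "theme", "slug": "example-theme", "fixed_in": "2.0.1", "title": "File upload"},
]

# Constructed inventory of one site.
SITE = [
    {"type": "core", "slug": "wordpress", "version": "6.0.2", "active": True},
    {"type": "plugin", "slug": "example-forms", "version": "5.9", "active": True},
    {"type": "plugin", "slug": "example-gallery", "version": "3.4.1", "active": True},
    {"type": "plugin", "slug": "example-slider", "version": "1.0", "active": False},
    {"type": "theme", "slug": "example-theme", "version": "2.0.1", "active": True},
]

def version_key(version):
    """Map '5.10' to (5, 10) so it sorts after '5.9'; a string compare gets this wrong.
    Trailing zeros are dropped so '2.0' equals '2.0.0'. Pre-release tags are not handled."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def scan(site, advisories):
    """Return (slug, installed, title, action) for each active component that is affected."""
    findings = []
    for item in site:
        if not item["active"]:  # the scan described on this page covers active components
            continue
        for adv in advisories:
            if (adv["type"], adv["slug"]) != (item["type"], item["slug"]):
                continue
            fixed = adv["fixed_in"]
            if fixed is None or version_key(item["version"]) < version_key(fixed):
                action = f"update to {fixed}" if fixed else "no fix yet: deactivate or replace"
                findings.append((item["slug"], item["version"], adv["title"], action))
    return findings

if __name__ == "__main__":
    for slug, installed, title, action in scan(SITE, ADVISORIES):
        print(f"{slug} {installed}: {title} -> {action}")
```

Running the same check on a schedule against a refreshed advisory list gives the hourly behaviour the release describes; the theme at 2.0.1 is not reported because it already runs the fixed version.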
This is what site admins will see when they access WordPress Toolkit and one of their sites has a known vulnerability:
If you only have one site, or you have expanded a site in the list, there will be an additional indication about the presence of vulnerabilities:
If you open the Plugins or Themes tabs, you will be able to see which ones are vulnerable:
You will also see this information when opening the global Plugins or Themes tabs:
As you can see, the old Security Measures menu has been moved to a separate tab. This was done because it contains rarely used operations (even though they are important). Furthermore, since the site admins will be using this more frequently, the first (and default) tab now contains vulnerability information.
The options for site admins are self-explanatory and can be seen in the screenshots above. However, if you have activated the Security menu for multiple sites, you will see a different picture:
You can also switch between different views on the fly, giving everyone a convenient way to review and solve the issues on their sites.
To summarize, the Site Vulnerability Scan introduced in the 5.8 release provides site administrators with the necessary tools to quickly assess the situation and take appropriate measures going forward. Besides our continuous effort at Plesk to improve user experience by monitoring user feedback, we already have a bunch of improvements lined up for the next WordPress Toolkit releases.
Furthermore, in case you were wondering, this feature is completely free for all WordPress Toolkit users. We hope this feature will bring a smile to web professionals all over the world.
This feature will be gradually rolled out on Plesk to assess its performance going forward, so if you don’t see this feature appear on your server immediately, don’t worry! It will appear soon.
While the Site Vulnerability Scan is the highlight of this release, Plesk WordPress Toolkit 5.8 also includes several minor changes that are worth a mention:
Autodetection of WordPress login URL
Many WordPress sites change their login URL to protect themselves from automated bot attacks looking to bruteforce a password or two. WordPress Toolkit has supported this feature, but one had to manually input the new login URL in order to use the one-click login feature of WordPress Toolkit. Now we’ve figured out a way to detect the login URL without asking site admins, so we’ve implemented this change to make your lives a bit easier:
Changes under the hood & various improvements
Plesk WordPress Toolkit 5.8 includes a variety of other changes that cannot be displayed via screenshots, so here’s a brief bullet list:
- Blocklist now works with CLI operations and doesn’t check updates for blocked plugins.
- The Scan procedure no longer rescans sites already added to WordPress Toolkit, meaning it now works much faster.
- The Smart Updates procedure is now more ‘eco-friendly’, meaning it no longer leaves empty folders behind itself.
- The performance of installing and removing WordPress sites on servers with a lot of connected databases has improved significantly.
- Performance of the Action Log was also improved when working with very large log files.
- In comparison to the previous release, twice as many customer bugs were fixed.
We are planning to improve the Site Vulnerability Scan even further for email along with new auto-update features and more! Finally, we are working on introducing a modern API that should eventually cover all the relevant WordPress Toolkit functionalities.
With that said, we hope we’ll see you again soon for yet another quick WordPress Toolkit update. Thank you kindly for your attention, and see you next time!