Vulners Scanner


Automatically check your vulnerabilities in your WP plugins, web server and get a fix which can be installed using one bash command. This plugin helps you dramatically improve the security of your website and save time on security updates.

This plugin is based on Database and Scanner API.

NOTE: To use the plugin it is required to have a valid Vulners API key. To obtain one, please signup at and follow the guide at You can also read the Vulners EULA.


  • OS scanner – get information about vulnerabilities in OS packages with a simple command to fix themhem
  • Cumulative fix – generate bash command to fix vulnerable OS packages
  • WP plugin scanner – get information about vulnerabilities in installed plugins
  • Email notifications about new vulnerabilities based on your OS Environment and plugins
  • Scheduled scans keep you up to date with new vulnerabilities and are run every 4 hours

Usage notes

  • Install the plugin and activate it as usual
  • Add your vulners API key at the settings page (a warning will be visible at the top of admin menu until you do so) so)
  • Your first scan would be scheduled to run immediately. Others would be scheduled every 4 hours from now on
  • Go to Vulners Scanner page to see the results about OS packages and WP plugins separately
  • Visiting the Scaner page loads the saved results of the previous scan (no scans are performed on each and every visit so that your license would not deplete)y visit so that your license would not deplete)
  • To run a manual scan click Scan Now button. This should perform an immediate update (and cost several requests from your license)ts from your license)
  • You can use the How to Fix button to see the shell command you need to run to fix the found vulnerabilities


  • This is an example of OS Packages scan results.
    1. This is an example of WP Plugins scan results.
  • This is an interface of Plugin Settings.
  • This is an example of email notification about new vulnerabilities.


No scheduled scans are performed

One of the main problems met during development was the one that scheduled scans were not running properly. Note that the plugin makes use of wp-cron for scheduled scans rather than system-specific cron. That means no scheduled events would fire unless someone visits your site from time to time. And if scheduled scans do not run, make sure wp-cron runs correctly (for instance using ALTERNATE_CRON made the trick during the development phase). Or you can simply set system cron yourself.

Everything else

Pretty much everything else should have been accounted for (either fixed or appended to the list of future developments). However, if you do run into something you believe to be a problem in the plugin itself, you can send your question to


There are no reviews for this plugin.

Contributors & Developers

“Vulners Scanner” is open source software. The following people have contributed to this plugin.


Translate “Vulners Scanner” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Fix link to Scanner page in index.php


  • Fix several warnings.
  • Restrict direct access to email template.
  • Show safe OS packages as well.


  • Add email template: include report with the found vulnerabilities
  • Refactoring.


  • Initial release
  • currently only Linux is scanned (only basic OS detection mechanism is implemented for now)
  • emails are sent at the end of every scheduled scan and do not contain vulnerability descriptions

* schedule for wp-cron is hard-coded: the scans would run every 4 hours.