Vulnerability Monitor for Wordfence Intelligence

Vulnerability Monitor for Wordfence Intelligence helps WordPress administrators identify known security vulnerabilities affecting installed plugins and themes. The plugin regularly checks the Wordfence Intelligence v3 vulnerability feed (supports object-map, array, NDJSON; gzip-aware; memory-safe) and provides alerts when vulnerable software is detected, helping keep WordPress installations secure and up to date. Not affiliated with Wordfence.

This plugin is designed to be:

• Lightweight – no external SaaS services beyond the official Wordfence feed API.
• Privacy-friendly – no tracking or telemetry; vulnerability matching happens locally on your site.
• Memory-safe – supports streaming large NDJSON and gzip feeds without exhausting server memory.
• Fully configurable – email notifications, severity levels, scheduled scans, and more.

Perfect for agencies, freelancers, and site owners who want proactive security visibility without complexity.

Key Features

• Scan installed plugins and themes for known vulnerabilities.
• Supports NDJSON, array JSON, and object-map JSON feed formats.
• Handles gzip-compressed feeds automatically.
• Match detection for:
  • severity levels (critical, high, medium, low)
  • patched versions
  • remediation steps
• Customizable email notifications with templates.
• Optional scheduled scans (hourly, daily, or custom).
• “Only notify on new issues” mode.
• Supports the current Wordfence Intelligence V3 API with API key authentication.
• Debug mode with detailed logs.
• No tracking or telemetry.
• Matching and reporting logic runs locally on your site.

How It Works

The plugin fetches the Wordfence Intelligence feed, streams it in a memory-safe way, and compares each entry with your installed plugins/themes.
You can trigger scans:

• manually from the WP Admin panel
• or automatically via the scheduled scan option

The results include severity, details, patched versions, and links to advisories.

External services

This plugin connects to the Wordfence Intelligence vulnerability feed provided by Defiant, Inc. to download vulnerability data used for scans.

The request is sent when you run a manual scan, when a scheduled scan runs, or when the cached feed expires and the plugin needs a fresh copy. The request sends your configured Wordfence API key in the Authorization header and standard web request metadata from your server such as your server IP address and user agent. The plugin does not send your installed plugin/theme inventory, scan results, or site content to Wordfence.

Service provider: Defiant, Inc.
Terms of Service: https://www.wordfence.com/terms-of-service/
Privacy Policy: https://www.wordfence.com/privacy-policy/