Vulnerability Monitor for Wordfence Intelligence
| 开发者 | interaktivch |
|---|---|
| 更新时间 | 2026年6月19日 17:26 |
| 捐献地址: | 去捐款 |
| PHP版本: | 7.2 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
Vulnerability Monitor for Wordfence Intelligence helps WordPress administrators identify known security vulnerabilities affecting installed plugins and themes. The plugin regularly checks the Wordfence Intelligence v3 vulnerability feed (supports object-map, array, NDJSON; gzip-aware; memory-safe) and provides alerts when vulnerable software is detected, helping keep WordPress installations secure and up to date. Not affiliated with Wordfence.
This plugin is designed to be:
- Lightweight – no external SaaS services beyond the official Wordfence feed API.
- Privacy-friendly – no tracking or telemetry; vulnerability matching happens locally on your site.
- Memory-safe – supports streaming large NDJSON and gzip feeds without exhausting server memory.
- Fully configurable – email notifications, severity levels, scheduled scans, and more.
- Scan installed plugins and themes for known vulnerabilities.
- Supports NDJSON, array JSON, and object-map JSON feed formats.
- Handles gzip-compressed feeds automatically.
- Match detection for:
- severity levels (critical, high, medium, low)
- patched versions
- remediation steps
- Customizable email notifications with templates.
- Optional scheduled scans (hourly, daily, or custom).
- "Only notify on new issues" mode.
- Supports the current Wordfence Intelligence V3 API with API key authentication.
- Debug mode with detailed logs.
- No tracking or telemetry.
- Matching and reporting logic runs locally on your site.
- manually from the WP Admin panel
- or automatically via the scheduled scan option
安装:
- Upload
vulnerability-monitor-for-wordfence-intelligenceto the/wp-content/plugins/directory. - Activate the plugin through the Plugins menu.
- Open Vulnerability Monitor for Wordfence Intelligence in the WordPress admin sidebar.
- Configure notification email, Wordfence API key, and preferred severity levels.
- (Optional) Enable scheduled scans.
常见问题:
Does this plugin store a default API key or email address?
= Does this plugin send my data to external servers? =\
The plugin fetches the Wordfence Intelligence feed from Wordfence.\
It does not upload your installed plugin/theme inventory or scan results to Wordfence.
= Does it slow down my website? =\
No. All scans are manual or scheduled via WP-Cron.\
Normal visitors are never affected.
= Do I need a Wordfence account? =\
Yes. Wordfence Intelligence V3 requires an API key from your Wordfence account.
You can create it after signing in at the Integrations page in your Wordfence.com account.
No. The plugin does not ship with any embedded API key or hardcoded email address.
By default it uses your site's existing admin_email setting until you change it.
= Does this replace Wordfence? =\
No. This plugin is not a firewall.\
It is a lightweight vulnerability monitor.
= Can I customize the email template? =\
Yes! Both subject and body support placeholders like {site}, {count}, {time}, {list_html}.
= Can agencies use this on client websites? =\
Absolutely. That’s one of the primary use cases.
更新日志:
1.3.9
- Stored scan result and operational status options with
autoloaddisabled to reduce unnecessary front-end option loading.
- Replaced inline admin CSS and JavaScript with properly enqueued assets.
- Documented the Wordfence external service usage, data flow, and policy links in the readme.
- Renamed generic runtime identifiers to stronger
wfim-prefixed names to reduce conflict risk.
- Renamed the public plugin package and release metadata for the new WordPress.org naming requirements.
- Updated the public slug, text domain, and bundled archive structure to match the new plugin name.
- Optimized feed matching so scans no longer re-scan the full installed plugin and theme lists for every feed item.
- Reduced the risk of 30-second timeouts on larger Wordfence Intelligence v3 feeds.
- Updated release metadata for the WordPress 7.0 compatibility check.
- Bumped the packaged plugin version to 1.3.5.
- Added an admin confirmation notice after sending a test email.
- Improved test email feedback so successful sends are visible immediately in settings.
- Fixed WordPress.org Plugin Check findings in the admin UI and packaging metadata.
- Aligned plugin headers and readme requirements for WordPress.org submission.
- Cleaned the release package and removed development-only warnings.
- Distributed scheduled scans across sites using a stable per-site offset, reducing simultaneous Wordfence API requests.
- Re-aligned existing scheduled scans to the new staggered timing after settings updates and plugin load.
- Added detailed diagnostics for Wordfence feed fetch failures, including HTTP 429 rate-limit hints.
- Preserved debug logs for failed scans so API error details remain visible in Scan Summary.
- Added operational alert emails for scan failures, overdue scheduled scans, and fatal plugin errors.
- Added recovery emails when scanning starts working again.
- Added throttling to reduce repeat alert spam.
- Improved the settings UX by moving the API key directly below the feed URL and removing the misleading "optional" label.
- Migrated the default vulnerability feed from Wordfence V2 to V3.
- Automatically upgrades the legacy V2 endpoint to the V3 endpoint in plugin settings.
- Shows a clear admin error when the required Wordfence API key is missing.
- Fixed
send_only_newemail logic so only genuinely new findings trigger notifications. - Added feed caching based on the configured cache TTL.
- Made scheduled/manual scan failures return gracefully instead of terminating abruptly.
- Fixed the deactivation modal stylesheet.
- Initial public release.