WordPress sites change fast. Plugins update, disclosures drop, and new issues move from theory to production risk in hours. That is exactly why we added vulnerability monitoring to Scanfully.
You can now track known plugin vulnerabilities inside the same dashboard you already use for uptime, performance, site health, and activity. More importantly, you can choose how you want to hear about them. Scanfully can notify you through Slack, Discord, text, or email.
This changes the timing of vulnerability monitoring in a meaningful way. You no longer need to wait for a nightly scan to find out that a vulnerable plugin is active on one of your WordPress sites. As soon as we can detect and process a relevant issue, we notify you through the channels you already use.
Why we built this
Well, we couldn’t call ourselves Scanfully if we didn’t scan your WordPress sites fully, now could we?
We wanted vulnerability monitoring to feel like the rest of Scanfully. It should be visible, practical, and easy to act on, and near instant. That means two things had to happen.
First, the vulnerability signal needed to live inside our dashboard, not inside our plugin.
Second, notifications needed to be flexible enough to fit the way teams already work. Some teams live in Slack. Some want Discord alerts. Some still want email. And for urgent cases, text messages can make more sense than anything else.
What the new feature does
Scanfully now shows plugin vulnerabilities directly in the dashboard. When we detect that an installed plugin version matches a known vulnerability, we flag it clearly in the plugin overview.
You can see the affected plugin, the installed version, the severity, and whether a fix is available. When more context matters, we link directly to the vulnerability details so you can review the issue before you decide what to do next.
That matters because not every vulnerability has the same operational impact. Sometimes the right move is an immediate update. Sometimes you need to validate compatibility first. And sometimes there is no patched release yet, which means you need a temporary mitigation plan instead of a rushed deployment.
Your notifications
This feature would be incomplete without delivery options. You can configure vulnerability notifications through the channels Scanfully already supports. That includes Slack, Discord, text, and email. The goal is simple. Important alerts should reach the right people without forcing them into a new workflow.
A freelancer managing a handful of sites might prefer email. An agency team might want Slack notifications in an operations channel. A distributed product team might route alerts into Discord. And when something needs immediate attention, text messages can cut through the noise faster than an inbox ever will.
As close to real time as we can make it
With how we’ve implemented our vulnerability scan, you do not have to wait for a nightly scan cycle when a critical vulnerability appears in a plugin installed on your WordPress site. We surface issues as quickly as our detection pipeline allows, which makes this as close to real-time vulnerability notification as we can currently deliver.
That does not mean every disclosure becomes instantly actionable. Vulnerability data still needs to be verified, processed, and matched correctly to plugin versions in the wild. But it does mean Scanfully now helps you react on the same day, not the next morning.
For site owners and WordPress professionals, that is the difference between passive reporting and active monitoring.
When Scanfully flags a vulnerable plugin, we also link to the vulnerability record for further details. That gives you the context behind the alert instead of forcing you to guess what happened.
You can review the affected version range, the severity, and whether a fix exists yet. That makes it easier to answer the questions that always come next.
Is this issue relevant to the version I run? Can I patch this immediately? Do I need to disable the plugin? Should I wait for a fixed release?
Those are operational questions, not abstract security questions. We try and help you answer those questions quickly.
Built for people who manage real WordPress sites
This feature is useful for solo site owners, but it becomes even more valuable when you manage multiple WordPress installs.
Agencies, freelancers, and in-house teams rarely monitor just one site. They manage a mix of plugins, release schedules, clients, and hosting environments. Security work becomes harder when information is fragmented across dashboards, inboxes, and spreadsheets.
By adding vulnerability monitoring to Scanfully, we reduce that fragmentation. You can see uptime, performance, site health, activity, SSL status, and now plugin vulnerability signals in one place.
That makes the product more useful in the exact moments when clarity matters most.
What this means in practice
The 1.8 release gives you a faster path from disclosure to action. You see vulnerable plugins inside Scanfully. You can open the linked vulnerability details for context. You can route alerts through Slack, Discord, text, or email.
And you do not need to wait for nightly scans to learn that a critical issue is already present on a live site.
That is the kind of monitoring we want Scanfully to provide. Not just historical reporting, but timely signals that help you protect WordPress sites before small problems turn into bigger ones.
Leave a Reply