WordPress Security Check Introduced Into ManageWP Orion


Security is the number one concern for WordPress professionals.

Your site going down is the least of your problems; malware injection attacks can ruin your website performance and ranking in a number of creative ways. You usually don’t find out about it until your website gets blacklisted by Google, and the damage has been done by then.

And the worst part?

All the security articles out there keep recycling the same bits of advice that are about as effective as putting a band-aid over a stab wound.

bandaid

Pictured: 10 steps to secure your WordPress website

So what can be done? Tony Perez from Sucuri summed it up well in a WordCamp Europe 2014 talk – it’s about awareness and posture. Be vigilant.

Anticipate that your website will be compromised, and have a plan ready.

The ManageWP security check has been one of the most commonly used ManageWP tools. Regular checks are the easiest way to catch a suspicious line of code on your websites and find out about the problem before it escalates.

This is the reason why we decided it’s the first thing to be completed on the Orion road map.

Orion Security Check

The security check scans the pages on your website and compares the code against the known malware knowledge base. It also performs a blacklist check with a number of services, like Google Safe Browsing, Norton Safe Web, ESET, etc. It also flags certain site errors and outdated software.

security-check-clean

Green is clean, as my hippie parents used to say

If the check comes back positive, a more detailed report will be generated. If it’s malware, you’ll get a more detailed description, as well as the list of affected files. It’s important to note that ManageWP does not clean malware for you, at least not directly. You can use ManageWP backups to roll back to a clean version of your website; you can also try cleaning the malware yourself, or hire a professional to do this for you.

security-check2

Red is bad, as my survivalist grandpa used to say

How does the Orion security check differ from the classic ManageWP check?

History. Each scan result is now being stored in the archive. It allows you to look back into the past, investigate each security threat and discern a pattern if needed.


In the next few days the security checks will be implemented into Orion client reports, and you’ll be able to send them to your clients.

(Update: as of January 15 the client report integration is available to all Orion users)

Our core philosophy is to automate as much of your workload as possible and let you focus on things that matter. That’s why we’ll be back once the current roadmap is complete and create a fully automated security check. It’ll be just like with the backups and plugin updates; as soon as you log into your ManageWP dashboard, you’ll get a summary of all the security checks, with special attention on potential threats to your business.

Do you have any suggestions on how to further improve the security check? We already have plans for a security module down the line, is there anything else we could do to make your life easier?

Let us know in the comments below!

Nemanja Aleksic

Head of Growth at ManageWP. Marketing Manager at GoDaddy. WordCamp Belgrade organizer. But first and foremost, a father, a husband and a puck stopper.

30 Comments

  1. bơ đậu phộng

    Definitely implement automated checking, and make it the base functionality. Allow it to be scheduled regularly.

  2. pfreeman

    Hi, thanks for all the awesome work with this software; it’s making my job so much more productive. Is there any news on the automation of the security scans? It is very time consuming (not viable at all) to go into each site to scan it, so we are unable to use this feature just yet, which is sad because it is so awesome.

    Same question for the performance scan as well.

    1. Nemanja Aleksic

      Author

      Automated Performance and Security Checks are expected to go live roughly a month after the Classic version gets phased out. So that would be some time during the summer.

  3. yen mach

    My shop has had been hacked, the report is also their level file hosting my xxx.gif no malware

  4. Nathan

    Any update on when this will be available in client reports? On the 11th you had said a week or so. Enjoying Orion the more I use it.

    1. Nemanja Aleksic

      Author

      Hi Nathan,

      The initial idea was to do it in a week or so, but we realized that half a dozen tools will also be implemented into the Orion client report, like SEO and uptime monitoring.

      That’s why we’ll implement them all once other tools are done, when we do the client report scheduling feature (should be in February).

      Sorry about the delay, but it’s for a good cause – getting all the Orion tools online, ASAP.

      1. natebald

        OK, Thanks. Was really hoping to send out the New Years batch of client reports with some additional data. Certainly understand your reasoning.

        1. Nemanja Aleksic

          Author

          Hi Nathan,
          The client report integration is ready. There will be an official announcement, but I wanted to personally give you the heads-up.

  5. 1lifeincome

    Suggestion, can you place a green/red checkmark next to the respective property once the scan is run.

    1. Nemanja Aleksic

      Author

      Makes sense. I believe we already have this suggestion on our list of future improvements, although I can’t give you an ETA for now.

  6. Henry Ramirez

    Hope this works, because we need our site secure... and I don’t think WordPress is doing hard work to keep us away from hackers.

  7. accounts

    Is there a way to tie this into the client reports? This would be something amazing to include and run when client reports are sent out each month.

    1. Nemanja Aleksic

      Author

      Yeah, the security check will be included in the client report in a week or so.

      1. Chris Edwards

        Awesome!!

        1. Nemanja Aleksic

          Author

          We ran a bit behind the schedule with the client report integration, but now it is finally ready!

  8. 118Group

    This is a great feature. I’ve inherited hacked sites – they are no fun. For the fully automated Security Scan, will it email the administrator? I am using 2 security plugins now, but this is a welcomed feature.

    1. Nemanja Aleksic

      Author

      Right now we have a digest email, where all the important stuff is sent to your inbox daily, weekly or monthly. Do you believe that the positive result should be sent right away, as a separate email, or is it enough to be a part of the regular digest?

  9. Makis

    Most of my clients are about hacked sites, so I can tell you that I was looking for something like this. ManageWP didn’t have this, so I had to use a number of ways for monitoring my clients’ site security.

    Now it will be better organized and hopefully automated so scan could be run per day.

  10. trib

    Definitely implement automated checking, and make it the base functionality. Allow it to be scheduled regularly.

    Then, as an extra, we can do ad hoc scanning.

    1. Nemanja Aleksic

      Author

      What would be the optimum check frequency you’d use?

      1. Donna McMaster

        Great feature! Off the top of my head, I’d say once a week for the check frequency.

      2. 1lifeincome

        I’d say daily, w/a red flag email alert if detection occurred.

  11. Carl Taylor

    This is great. I agree I’d love to see a scheduler for this so it’s automated. Also maybe seeing this tied into a backup too so when restoring a backup I can see which one was actually clean vs infected. I’d also love to see file change comparison check like Wordfence does. So checking if Plugins, Themes and WordPress core files look different to the repository versions. This is helpful so you can track down Malware and things that maybe haven’t yet shown up on a frontend scan yet.

    1. Nemanja Aleksic

      Author

      The Orion backups actually open up a whole new range of possibilities. Since the backups are kept on our cloud storage, we can run regular checks on our own and detect malicious changes. We could then do a rollback of the file to the version from the WordPress repository, or use the last known clean version of the file.

      This is just the tip of a very exciting iceberg 🙂

    2. jerry

      I concur with Carl’s points. Automated is a must otherwise we’re wasting time clicking on every single website individually to perform the same task. That makes no sense when these tools are meant to make management more efficient. And second excellent point is tying this into the backup tool. If backup and security were both automated and handled at the same time, you could easily restore an uninfected backup in mere moments rather than having to guess which backup might be clean.
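The file comparison and clean-backup selection discussed in this thread, as an added example that is not ManageWP's or Wordfence's code: each backup snapshot is hashed against a known-good manifest, and the newest snapshot with no differences becomes the restore candidate. The manifest, file contents, backup labels and the `TRACKED_PREFIXES` scope are constructed assumptions.

```python
import hashlib

# Assumption: only these directories are covered by the known-good manifest;
# uploads and site configuration legitimately differ from the repository.
TRACKED_PREFIXES = ("wp-admin/", "wp-includes/")

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def diff_against_manifest(files, manifest, tracked=TRACKED_PREFIXES):
    """Compare one snapshot (path -> bytes) with known-good hashes (path -> hex)."""
    in_scope = {p: d for p, d in files.items() if p.startswith(tracked)}
    return {
        "modified": sorted(p for p, d in in_scope.items()
                           if p in manifest and sha256(d) != manifest[p]),
        "unexpected": sorted(p for p in in_scope if p not in manifest),
        "missing": sorted(p for p in manifest if p not in in_scope),
    }

def last_clean_backup(backups, manifest):
    """backups is ordered oldest to newest; return the newest label with no findings."""
    for label, files in reversed(backups):
        if not any(diff_against_manifest(files, manifest).values()):
            return label
    return None

# Constructed sample data: a two-file "repository" and three backup snapshots.
CLEAN = {
    "wp-includes/version.php": b"<?php $wp_version = 'x.y';\n",
    "wp-admin/index.php": b"<?php require 'admin.php';\n",
}
MANIFEST = {path: sha256(data) for path, data in CLEAN.items()}
BACKUPS = [
    ("backup-1", {**CLEAN, "wp-content/uploads/logo.gif": b"GIF89a"}),
    ("backup-2", {**CLEAN, "wp-includes/version.php":
                  CLEAN["wp-includes/version.php"] + b"// appended line\n"}),
    ("backup-3", {**CLEAN, "wp-includes/class-extra.php": b"<?php // not in manifest\n"}),
]

if __name__ == "__main__":
    for label, files in BACKUPS:
        print(label, diff_against_manifest(files, MANIFEST))
    print("restore candidate:", last_clean_backup(BACKUPS, MANIFEST))
```

A file that differs only inside tracked directories is reported, so a backend change is caught even when a frontend scan still shows the site as clean.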

  12. Simon

    Awesome! This definitely automates part of my workflow – once it’s fully automated of course! The only improvement is just for this to scan by itself. I currently use Sucuri which I assume you are also using which scans daily but the reports are not particularly nice. I include a link to the scan in a custom ManageWP report and this seems to work well for my clients.

    1. Nemanja Aleksic

      Author

      You have a great workaround, but we’ll try to make things easier for you by running the checks automatically and including them in the client report.

  13. omakad

    This is great. I wonder when will fully automated security check be available? Any ETA?

    1. Nemanja Aleksic

      Author

      No ETA right now. We know that it’s doable, but first we need to complete all the things on the Orion roadmap.

      1. omakad

        Is an updated Orion road map available anywhere? I did find this: http://managewp.com/developer-diary-9-managewp-orion-is-out


Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!
