WordPress Security Check Introduced Into ManageWP Orion


Security is the number one concern for WordPress professionals.

Your site going down is the least of your problems; malware injection attacks can ruin your website performance and ranking in a number of creative ways. You usually don’t find out about it until your website gets blacklisted by Google, and the damage has been done by then.

And the worst part?

All the security articles out there keep recycling the same bits of advice that are about as efficient as putting a band-aid over a stab wound.

bandaid

Pictured: 10 steps to secure your WordPress website

So what can be done? Tony Perez from Sucuri summed it up well in a WordCamp Europe 2014 talk – it’s about awareness and posture. Be vigilant.

Anticipate that your website will be compromised, and have a plan ready.

The ManageWP security check has been one of the most commonly used ManageWP tools. Regular checks are the easiest way to catch a suspicious line of code on your websites and find out about the problem before it escalates.

This is the reason why we decided it’s the first thing to be completed on the Orion road map.

Orion Security Check

The security check scans the pages on your website and compares the code against the known malware knowledge base. It also performs a blacklist check with a number of services, like Google Safe Browsing, Norton Safe Web, ESET, etc. It also flags certain site errors and outdated software.

security-check-clean

Green is clean, as my hippie parents used to say

If the check comes back positive, a more detailed report will be generated. If it’s malware, you’ll get a more detailed description, as well as the list of affected files. It’s important to note that ManageWP does not clean malware for you, at least not directly. You can use ManageWP backups to roll back to a clean version of your website; you can also try cleaning the malware yourself, or hire a professional to do this for you.

security-check2

Red is bad, as my survivalist grandpa used to say

How does the Orion security check differ from the classic ManageWP check?

History. Each scan result is now being stored in the archive. It allows you to look back into the past, investigate each security threat and discern a pattern if needed.


In the next few days the security checks will be implemented into Orion client reports, and you’ll be able to send them to your clients.

(Update: as of January 15 the client report integration is available to all Orion users)

Our core philosophy is to automate as much of your workload as possible and let you focus on things that matter. That’s why we’ll be back once the current roadmap is complete and create a fully automated security check. It’ll be just like with the backups and plugin updates; as soon as you log into your ManageWP dashboard, you’ll get a summary of all the security checks, with special attention on potential threats to your business.

Do you have any suggestions on how to further improve the security check? We already have plans for a security module down the line, is there anything else we could do to make your life easier?

Let us know in the comments below!

Nemanja Aleksic

30 responses

  1. omakad@gmail.com

    This is great. I wonder when will fully automated security check be available? Any ETA?

  2. Simon

    Awesome! This definitely automates part of my workflow – once it’s fully automated of course! The only improvement is just for this to scan by itself. I currently use Sucuri which I assume you are also using which scans daily but the reports are not particularly nice. I include a link to the scan in a custom ManageWP report and this seems to work well for my clients.

  3. Carl Taylor

    This is great. I agree I’d love to see a scheduler for this so it’s automated. Also maybe seeing this tied into a backup too so when restoring a backup I can see which one was actually clean vs infected. I’d also love to see file change comparison check like Wordfence does. So checking if Plugins, Themes and WordPress core files look different to the repository versions. This is helpful so you can track down Malware and things that maybe haven’t yet shown up on a frontend scan yet.

  4. trib@acidlabs.org

    Definitely implement automated checking, and make it the base functionality. Allow it to be scheduled regularly.

    Then, as an extra, we can do ad hoc scanning.

  5. Makis

    Most of my clients are about hacked sites so I can tell you that I was looking for something like this. ManageWP didn't have this so I had to use a number of ways for monitoring my clients' site security.

    Now it will be better organized and hopefully automated so scan could be run per day.

  6. 118Group

    This is a great feature. I’ve inherited hacked sites – they are no fun. For the fully automated Security Scan, will it email the administrator? I am using 2 security plugins now, but this is a welcomed feature.

  7. accounts@chrisedwards.me

    Is there a way to tie this into the client reports? This would be something amazing to include and run when client reports are sent out each month.

  8. Henry Ramirez

    Hope this works, because we need our site secure... and I don't think WordPress is doing hard work to keep us away from hackers.

  9. 1lifeincome@gmail.com

    Suggestion, can you place a green/red checkmark next to the respective property once the scan is run.

  10. Nathan

    Any update on when this will be available in client reports? On the 11th you had said a week or so. Enjoying Orion the more I use it.

  11. yen mach

    My shop has been hacked, the report is also their level file hosting my xxx.gif no malware

  12. pfreeman

    Hi, thanks for all the awesome work with this software, it's making my job so much more productive. Is there any news on the automation of the security scans? It is very time consuming (not viable at all) to go into each site to scan it so we are unable to use this feature just yet which is sad because it is so awesome.

    Same question for the performance scan as well.

  13. bơ đậu phộng

    Definitely implement automated checking, and make it the base functionality. Allow it to be scheduled regularly.
