---
title: "How to Track WordPress Vulnerabilities With WPScan"
description: "In this article: Install WPScan Setup Notifications There are many great WordPress security plugins available for free. But it's still beneficial to know of zero-day exploits and new vulnerabilities..."
url: https://www.inmotionhosting.com/support/edu/wordpress/wordpress-vulnerabilities-wpscan/
date: 2019-10-11
modified: 2026-03-11
author: "InMotion Hosting Contributor"
categories: ["WordPress Hosting", "WordPress Tutorials"]
type: post
lang: en
---

# How to Track WordPress Vulnerabilities With WPScan

**In this article:**

- [Install WPScan](#install)
  - [Setup](#setup)
- [Notifications](#email)

There are many great [WordPress security plugins](/support/edu/wordpress/plugins/recommended-security-plugins/) available for free. But it’s still beneficial to know of zero-day exploits and new vulnerabilities in your installed plugins and themes.

[WPvulndb](https://wpvulndb.com/)[.com](https://wpvulndb.com/) compiles such information using WordPress vulnerability reports from various sources including [Common Vulnerabilities and Exposures (](https://cve.mitre.org/about/)[CVE](https://cve.mitre.org/about/)[)](https://cve.mitre.org/about/). The developers also have a WordPress plugin, WPScan, which keeps you up to date with new issues to help you understand what changes you may need to make to your website or security configurations.

**Note:** You’ll need to create a [WPvulndb](https://wpvulndb.com/users/sign_up)[.com](https://wpvulndb.com/users/sign_up) account to use this plugin.

Below we cover how to **setup WPScan and vulnerability notifications**.

Looking for high performance without a high price? Ask about our Nginx-powered [WordPress Hosting](https://www.inmotionhosting.com/wordpress-hosting) today.

## Install WPScan

There are multiple ways to install the [WPScan](https://wordpress.org/plugins/wpscan/)[ plugin](https://wordpress.org/plugins/wpscan/). You can [install the plugin manually](/support/website/how-to-upload-files-server/) or via [WP-](/support/edu/wordpress/wp-cli/install-a-plugin-using-wp-cli/)[CLI](/support/edu/wordpress/wp-cli/install-a-plugin-using-wp-cli/) (plugin slug `wpscan`). Below we’ll use the WordPress dashboard.

1. [Log in to your WordPress dashboard](/support/edu/wordpress/logging-into-wordpress-dashboard/).
2. [Install the WPScan plugin](https://www.inmotionhosting.com/support/edu/wordpress/plugins/install-wordpress-plugins/).
3. Activate the plugin.

### Setup

1. Register an account on [WPvulndb.com](https://wpvulndb.com/users/sign_up).
2. Log in to your WPvulndb.com account.
3. Click **FREE USAGE**.
4. On your profile page, scroll down and copy your API token.
5. At the top of your WordPress site, you’ll see the following:`To use WPScan you have to setup your WPVulnDB API Token. Settings`Click **Settings**.
6. Copy your API code from your WPvulndb.com account.
7. Click **Save Changes**.
8. Under *WPScan*, on the left, click **Reports**. You’ll see any reported vulnerabilities for your installed WordPress version, plugins, and themes.

### Notifications

On the right, enter your email address and a time-frame (daily, weekly, or monthly) to receive email notifications about new vulnerabilities.

![](https://www.inmotionhosting.com/support/wp-content/uploads/2019/10/wpscan-notifications.png)*Check for Vulnerabilities or Set Email Notifications*

![](https://www.inmotionhosting.com/support/wp-content/uploads/2019/10/wpscan-api.png)*WPScan API Code from WPvulndb.com*
