How to Track WordPress Vulnerabilities With WPScan

In this article:

There are many great WordPress security plugins available for free. But it’s still beneficial to know of zero-day exploits and new vulnerabilities in your installed plugins and themes. compiles such information using WordPress vulnerability reports from various sources including Common Vulnerabilities and Exposures (CVE). The developers also have a WordPress plugin, WPScan, which keeps you up to date with new issues to help you understand what changes you may need to make to your website or security configurations.

Note: You’ll need to create a account to use this plugin.

Below we cover how to setup WPScan and vulnerability notifications.

Looking for high performance without a high price? Ask about our Nginx-powered WordPress Hosting today.

Install WPScan

There are multiple ways to install the WPScan plugin. You can install the plugin manually or via WP-CLI (plugin slug wpscan). Below we’ll use the WordPress dashboard.

  1. Log in to your WordPress dashboard.
  2. Install the WPScan plugin.
  3. Activate the plugin.


  1. Register an account on
  2. Log in to your account.
  3. Click FREE USAGE.
  4. On your profile page, scroll down and copy your API token.
  5. At the top of your WordPress site, you’ll see the following:
    To use WPScan you have to setup your WPVulnDB API Token. Settings
    Click Settings.
  6. Copy your API code from your account.
  7. Click Save Changes.
  8. Under WPScan, on the left, click Reports. You’ll see any reported vulnerabilities for your installed WordPress version, plugins, and themes.


On the right, enter your email address and a time-frame (daily, weekly, or monthly) to receive email notifications about new vulnerabilities.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

Was this article helpful? Join the conversation!