We are excited to bring you WordPress Toolkit version 5.10, the first major WordPress Toolkit release of 2022!
This release focuses on further improving the vulnerability scan feature, delivering bugfixes to customers, and laying out the groundwork for introduction of API in the product.
Site vulnerability scan has been helping site administrators keep their sites secure for several months now. However, it was scanning only active plugins and themes, which could be a problem in some cases. If a site admin wanted to activate a previously inactive plugin, there was no way to check if this plugin was safe to activate (that is, if it contained known vulnerabilities).
To address this issue, WordPress Toolkit now also scans inactive plugins and themes. To help site admins correctly assess what needs to be addressed first, it’s now possible to filter out vulnerabilities based on whether they are found in active or inactive assets:
Since WordPress Toolkit sends out email notifications about found vulnerabilities, these emails now also include information about vulnerabilities found in inactive plugins and themes. These vulnerabilities are listed separately to make sure site admins can properly assess the urgency needed to address these vulnerabilities.
If a WordPress site is using an outdated version of PHP that’s no longer supported by the vendor, WordPress Toolkit shows a warning for the site administrator. To help users fix this issue, a link to PHP management menu was added to this warning message.
After the update to v5.10 WordPress Toolkit will run a one-time server-wide scan on cPanel platform. This will allow us to manage WordPress installations added manually or through other management tools.