# Vulnerability Checker

> MainWP Vulnerability Checker extension uses either the free MainWP NVD API or the paid WPScan Vulnerability Database API to bring you information about vulnerable plugins and themes on your Child Sites so you can act accordingly.

## What You'll Learn

* Scanning child sites for known plugin and theme vulnerabilities
* Scheduling automated vulnerability checks
* Using MainWP NVD API vs WPScan Vulnerability Database
* Acting on vulnerability scan results

***

<div id="addon-data" style={{display: 'none'}} data-title="Vulnerability Checker" data-purchase-url="https://mainwp.com/extension/vulnerability-checker/" data-pricing-tier="free" data-bundle="Essentials" data-addon-type="extension" data-version="5.0.3" data-developer="MainWP" data-changelog-url="https://mainwp.com/changelog/mainwp-vulnerability-checker-extension/" data-requirements="MainWP Dashboard 4.5+, MainWP Child 4.1.7+" data-owned-by="Jestart LLC" data-privacy-url="https://mainwp.com/mainwp-plugin-privacy-policy/" />

<Info>
  **Extension Add-on** - This add-on provides standalone functionality within MainWP Dashboard. No third-party plugins required.
</Info>

The [MainWP Vulnerability Checker](https://mainwp.com/extension/vulnerability-checker/) extension uses the [WPScan Vulnerability Database API](https://wpvulndb.com/) and the [NVD Nist API](https://nvd.nist.gov/) to bring you **information about vulnerable plugins and themes on your Child Sites** so you can act accordingly. Directly from your MainWP Dashboard, you will be able to see vulnerable plugins and themes and what the issues are.

* The vulnerability database updates itself in real-time, so you don’t miss out on any vulnerabilities.
* Premium plugins and themes are a part of wpvulndb.com.
* Get notified of vulnerabilities.
* Update vulnerable versions.
* Delete vulnerable versions.

## WPScan Vulnerability Database

The WPScan Vulnerability Database is an online browsable version of WPScan's data files that are used to detect known WordPress core, plugin, and theme vulnerabilities. This database has been compiled by the WPScan Team and various other contributors since WPScan's release. The development of the WPScan Vulnerability Database was funded by [BruCON](http://brucon.org/)'s 5by5 project.

## MainWP NVD Database

The MainWP NVD API is free, so it’s a good alternative for users who don’t have an active subscription to the WPVulnDB ([https://wpscan.com/](https://wpscan.com/)). The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

## Check Your Sites for Vulnerabilities

<Steps>
  <Step title="Login to your MainWP Dashboard" />

  <Step title="Go to the MainWP > Add-ons > Vulnerability Checker Extension page" />

  <Step title="Go to the Overview tab" />

  <Step title="Click the Check all sites button">
    Click the **Check all sites** button.

    <img src="https://mintcdn.com/mainwp/RPovfYRqnTPYvuIf/images/add-ons/vulnerability-checker-check-all.jpg?fit=max&auto=format&n=RPovfYRqnTPYvuIf&q=85&s=148695e0d5e18697c0b70cef97a4ba9e" alt="Screenshot of Vulnerability Checker overview page with Check all sites button highlighted" width="1703" height="810" data-path="images/add-ons/vulnerability-checker-check-all.jpg" />
  </Step>
</Steps>

The Extension will check your sites right away.

### Schedule Scans

If you want the Extension to perform automated checks:

<Steps>
  <Step title="Login to your MainWP Dashboard" />

  <Step title="Go to the MainWP > Add-ons > Vulnerability Checker Extension page" />

  <Step title="Go to the Settings tab" />

  <Step title="Locate the Schedule Scans option" />

  <Step title="Set your preference" />

  <Step title="Save Settings" />
</Steps>

If you want to make sure that WP Cron jobs are regularly triggered on your MainWP Dashboard, you can authorize the Uptime Robot service and add your dashboard site as a monitor. Uptime Robot will ping your dashboard site regularly and make sure that all scheduled events are occurring.

### Include the Scan Process in the Sync Process

If you want the Vulnerability Checker extension to check your sites every time you Sync your sites:

<Steps>
  <Step title="Login to your MainWP Dashboard" />

  <Step title="Go to the MainWP > Add-ons > Vulnerability Checker Extension page" />

  <Step title="Go to the Settings tab" />

  <Step title="Locate the Scan sites when syncing option" />

  <Step title="Set the option to YES" />

  <Step title="Save Settings" />
</Steps>

## MainWP NVD API

Since MainWP Vulnerability Checker Extension 4.1, the MainWP NVD API, which uses the [NVD Nist API](https://nvd.nist.gov/) to find potential vulnerabilities on your child sites, **is available for all users**.

<Note>
  MainWP NVD API requires MainWP Dashboard and MainWP Child 4.1.7 or higher.
</Note>

This API is free, so it's a good alternative for users who don't have an active subscription to the WPVulnDB ([https://wpscan.com/](https://wpscan.com/)). To enable the MainWP NVD API:

<Steps>
  <Step title="Go to the MainWP > Add-ons > Vulnerability Checker > Settings page" />

  <Step title="Find the Select Service option and select MainWP NVD API" />

  <Step title="Save Settings" />
</Steps>

Once the API Service has been selected, you can run the scan:

<Steps>
  <Step title="Go to the MainWP > Add-ons > Vulnerability Checker > Overview page" />

  <Step title="Click the Check All Sites button" />
</Steps>

<Warning>
  The NVD Nist API Database cannot be searched by plugin/theme slug (which would be unique for each item). It can only be searched by keyword, which means the API can return some false-positive results.

  For some vulnerabilities, the NVD Nist API lacks the "Fixed in version" info, which can lead to the extension showing vulnerabilities that have already been resolved.

  To remove false positives and get accurate results, use the "Ignore" function for detected vulnerabilities you recognize as false-positive.
</Warning>
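
The two failure modes in the warning above can be sorted out mechanically before anyone reaches for "Ignore". The following is an added example, not MainWP's code and not how the extension works internally: it classifies keyword hits for one installed plugin. The records, the `CVE-PLACEHOLDER-*` ids, the `example-gallery` slug and the slug-to-CPE-product heuristic are all constructed assumptions; only the `criteria` and `versionEndExcluding` field names follow NVD's CPE match data.

```python
# Constructed sample data; field names mirror NVD CPE match entries
# (criteria, versionEndExcluding) in a simplified shape.
HITS = [
    {"id": "CVE-PLACEHOLDER-1", "cpe_matches": [
        {"criteria": "cpe:2.3:a:examplevendor:example_gallery:*:*:*:*:*:wordpress:*:*",
         "versionEndExcluding": "2.5.0"}]},
    {"id": "CVE-PLACEHOLDER-2", "cpe_matches": [
        {"criteria": "cpe:2.3:a:examplevendor:example_gallery:*:*:*:*:*:wordpress:*:*",
         "versionEndExcluding": "2.3.1"}]},
    {"id": "CVE-PLACEHOLDER-3", "cpe_matches": [
        {"criteria": "cpe:2.3:a:othervendor:photo_gallery:*:*:*:*:*:wordpress:*:*",
         "versionEndExcluding": "9.0.0"}]},
    {"id": "CVE-PLACEHOLDER-4", "cpe_matches": [
        {"criteria": "cpe:2.3:a:examplevendor:example_gallery:*:*:*:*:*:wordpress:*:*"}]},
]

def parse_version(v):
    """'2.10.1' -> (2, 10, 1), so versions compare numerically, not as text."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())

def cpe_product(criteria):
    """Product field of a CPE 2.3 string (cpe:2.3:part:vendor:product:...)."""
    return criteria.split(":")[4]

def triage(hit, slug, installed):
    """Classify one keyword hit for an installed plugin or theme."""
    # Heuristic (assumption): the CPE product equals the slug with '_' for '-'.
    matches = [m for m in hit["cpe_matches"]
               if cpe_product(m["criteria"]).replace("_", "-") == slug]
    if not matches:
        return "false-positive"      # keyword matched a different product
    verdicts = set()
    for m in matches:
        end = m.get("versionEndExcluding")
        if end is None:
            verdicts.add("review")   # no fixed-in version: a person must check
        elif parse_version(installed) < parse_version(end):
            verdicts.add("affected")
        else:
            verdicts.add("fixed")
    # Report the most severe verdict across all matching entries.
    return next(v for v in ("affected", "review", "fixed") if v in verdicts)

def triage_all(hits, slug, installed):
    return {h["id"]: triage(h, slug, installed) for h in hits}

if __name__ == "__main__":
    for cve, verdict in triage_all(HITS, "example-gallery", "2.4.0").items():
        print(cve, verdict)
```

Hits classified `false-positive` are the keyword collisions the warning describes, and `review` marks entries with no fixed-in version, where the changelog of the installed version has to be checked by hand.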

***

## Related Resources

* [Security Add-ons](/add-ons/security) - Browse all security tools
* [Managing Plugins with MainWP](/sites/plugins/managing-plugins-with-mainwp) - Plugin management guide
* [How Secure is MainWP](/getting-started/how-secure-is-the-mainwp-plugin) - Security architecture overview
