Get security notifications about your WordPress site in Slack

This post describes how your can receive Slack notifications if any vulnerable themes or plugins are found within your WordPress installation.

Pre-requisite: You’ll need the WordPress Plugin Security Scanner installed and activated.

Here is what we’re aiming to achieve — an automatic Slack notification about a WordPress vulnerability:

To start with you need to add a new incoming webhook integration into your Slack. You can do this by visiting Slack Incoming Webhooks page.

Choose whether you want notifications to go into a channel, or as a direct message

Grab the Webhook URL, you’ll need this later

Under “Integration Settings”, enter “wordpress-plugin-security-scanner” in the “Customize Name” field.

You’ll get a confirmation in your Slack to confirm the integration has been added

Log into your WordPress admin and go to Settings -> General. Tick the Webhook notification option, and paste in the Webhook URL that you copied earlier:

In your WordPress theme’s functions.php file add the following:

function pluginsecurityscanner_webhook_message($vulnerabilities)
{
    $vulnerabilities = json_decode($vulnerabilities);

    if (count($vulnerabilities)) {
        foreach ( $vulnerabilities as $plugin_name => $plugin_vulnerabilities ) {
            foreach ( $plugin_vulnerabilities as $vuln ) {
                $text .= __( 'Vulnerability found', 'plugin-security-scanner' ) . ': ' . $vuln->title . "\n";
            }
        }
    }
    else {
        // if you want to receive a notification when NO vulnerabilities are found, uncomment this line
        // $text = 'No vulnerabilities found!';

        $text = '';
    }

    $msg = array('text' => $text);

    return json_encode($msg);
}
add_filter('pluginsecurityscanner_webhook_message', 'pluginsecurityscanner_webhook_message');

Save your functions.php file and your notification system will be up and running!

Please note: If you are installing the plugin security scanner on a commercial website, there is a support licence available.

Glen Scott

I’m a freelance software developer with 18 years’ professional experience in web development. I specialise in creating tailor-made, web-based systems that can help your business run like clockwork. I am the Managing Director of Yellow Square Development.

More Posts

Follow Me:
TwitterFacebookLinkedIn

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.