Tag Archives: wordpress

Get security notifications about your WordPress site in Slack

This post describes how you can receive Slack notifications if any vulnerable themes or plugins are found within your WordPress installation.

Pre-requisite: You’ll need the WordPress Plugin Security Scanner installed and activated.

Here is what we’re aiming to achieve — an automatic Slack notification about a WordPress vulnerability:

To start with, you need to add a new incoming webhook integration to your Slack. You can do this by visiting the Slack Incoming Webhooks page.

Choose whether you want notifications to go into a channel or to arrive as a direct message.

Grab the Webhook URL; you’ll need it later. Treat it as a secret, since anyone who has the URL can post messages to your Slack.

Under “Integration Settings”, enter “wordpress-plugin-security-scanner” in the “Customize Name” field.

You’ll get a message in your Slack confirming that the integration has been added.

Log into your WordPress admin and go to Settings -> General. Tick the Webhook notification option, and paste in the Webhook URL that you copied earlier:

In your WordPress theme’s functions.php file add the following:

function pluginsecurityscanner_webhook_message($vulnerabilities)
{
    // The filter receives the findings as a JSON string; cast the decoded
    // object to an array so count() works on it (and null becomes an empty array)
    $vulnerabilities = (array) json_decode($vulnerabilities);

    // Start with an empty message so .= never appends to an undefined variable
    $text = '';

    if (count($vulnerabilities)) {
        foreach ( $vulnerabilities as $plugin_name => $plugin_vulnerabilities ) {
            foreach ( $plugin_vulnerabilities as $vuln ) {
                $text .= __( 'Vulnerability found', 'plugin-security-scanner' ) . ': ' . $vuln->title . "\n";
            }
        }
    }
    else {
        // if you want to receive a notification when NO vulnerabilities are found, uncomment this line
        // $text = 'No vulnerabilities found!';
    }

    // Slack incoming webhooks expect a JSON object with a "text" field
    $msg = array('text' => $text);

    return json_encode($msg);
}
add_filter('pluginsecurityscanner_webhook_message', 'pluginsecurityscanner_webhook_message');

Save your functions.php file and your notification system will be up and running!
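
A hardened variant of the callback above, as an added example (not the plugin author's code): it names the affected plugin, escapes Slack's control characters in titles, tolerates malformed JSON and caps the number of findings per message. Register it instead of the callback above, not alongside it; the `example_` function names, the assumed JSON shape and the cap of 20 are assumptions.

```php
<?php
// Added example, not the plugin's code; "example_" names are hypothetical.
// Omit the opening tag when pasting into functions.php.

// Slack treats &, < and > as control characters in message text. Escaping
// them makes markup inside a title display literally instead of rendering.
function example_slack_escape($s)
{
    return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), (string) $s);
}

function example_scanner_slack_payload($json)
{
    // Assumed shape, inferred from the loops in the post:
    // { "plugin-name": [ { "title": "..." }, ... ], ... }
    $data = json_decode($json, true);
    if (!is_array($data)) {
        $data = array(); // malformed or empty input: report nothing
    }

    $lines = array();
    foreach ($data as $plugin => $vulns) {
        foreach ((array) $vulns as $vuln) {
            if (!is_array($vuln) || !isset($vuln['title'])) {
                continue; // skip entries that do not match the assumed shape
            }
            $lines[] = '*' . example_slack_escape($plugin) . '*: '
                . example_slack_escape($vuln['title']);
        }
    }

    $max = 20; // constructed cap so one scan cannot flood the channel
    $extra = count($lines) - $max;
    if ($extra > 0) {
        $lines = array_slice($lines, 0, $max);
        $lines[] = "... and $extra more";
    }

    return json_encode(array('text' => implode("\n", $lines)));
}

if (function_exists('add_filter')) {
    add_filter('pluginsecurityscanner_webhook_message', 'example_scanner_slack_payload');
} else {
    // Outside WordPress (php example.php): run on constructed sample data.
    $sample = '{"example-plugin":[{"title":"Stored XSS via <script> & shortcode"}]}';
    echo example_scanner_slack_payload($sample), "\n";
}
```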

Please note: If you are installing the plugin security scanner on a commercial website, there is a support licence available.

Glen Scott

I’m a freelance software developer with 18 years’ professional experience in web development. I specialise in creating tailor-made, web-based systems that can help your business run like clockwork. I am the Managing Director of Yellow Square Development.


Are you running a WordPress site?

If so, you may be interested in a new service that gives you more insurance about your WordPress powered site.

It’s called WordPress Peace of Mind, and includes backups, security scanning and system updates. Above all it allows you to focus on the interesting parts of WordPress, without having to worry about the boring bits.


New Blog Design

I’ve installed a new WordPress Theme to freshen things up a bit. It’s called Spotlight and I think it’s a nice minimalist design, with enough flair to keep the page looking interesting.

Let me know what you think!


WordPress Upgrade

This evening I upgraded WordPress to version 2.5. All seems good so far, but please let me know if you spot any oddities.
