We’re excited to announce plugin vulnerability notifications on WordPress VIP, enabling rapid triage and response from your teams, and enhancing your site’s security.
Effective immediately, key members of your team will automatically receive emails for HIGH and CRITICAL plugin vulnerabilities, ensuring you can take prompt action on essential security concerns. This critical notification feature is called “Important Alerts”.
Want more comprehensive coverage? Opt in to receive notifications for any vulnerabilities. All delivered through your preferred channels—Slack, Google Chat, Microsoft Teams, a webhook, or email.
We care deeply about the security of your applications running on the WordPress VIP Platform. One of the key methods we utilize to keep your application secure is vulnerability detection.
The VIP platform scans for vulnerabilities before deployment and at regular intervals after deployment, keeping you informed of vulnerabilities found. We scan the code in every pull request for known vulnerabilities before it is deployed, reporting results in easy to read GitHub comments. Deployed code is scanned for newly discovered vulnerabilities, reported on the VIP Dashboard plugins panel where you can easily create a pull request to update the plugin and fix the issue.
Today, we’re adding notifications of all newly uncovered vulnerabilities discovered in your plugins. You can choose a combination of Slack, Google Chat, or Microsoft Teams, a general-purpose webhook URL, or an email address as destinations for plugin vulnerability notifications.
If we find a vulnerability with a severity of HIGH or CRITICAL, we will proactively push an Important Alert. Important Alerts are automatically emailed to all your Organization Administrators. You can easily add additional destinations from the array of supported communications channels, ensuring critical messages always reach the right members of your team or are routed to your own on-call management systems.
To manage your destinations for important alerts:
- For any organization choose “Notifications” from the left hand menu
- Choose “Manage Alerts” from the “Important Alerts” area near the top of the screen
- …from the “Important Alerts” panel the customer can add new or existing destinations, and remove any destinations previously added
To subscribe to newly discovered plugin vulnerabilities for an organisation or application:
- For any organization or any application environment choose “Notifications” from the left hand menu
- “Add Notification” and choose “Plugin Vulnerabilities”, then configure your notification as usual
If you have any questions or concerns related to this upcoming change, please open a support ticket and we will be happy to assist.
You must be logged in to post a comment.