Can WordFence monitor themes and plugins not in the WordPress repository?

  • Resolved MarjoriesDaughter

    (@marjoriesdaughter)


    2 years ago

    In trying to convince clients that they should stick with themes and plugins that are in the WordPress repository, I try to explain that they are difficult to monitor, especially themes that tend to bundle plugins that are also not in the repository.

    Is this still a barrier for WordFence to actively monitor these themes and plugins?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @marjoriesdaughter, thanks for your question and using Wordfence for your client’s sites.

    You’re correct that Wordfence checks the www.ads-software.com repository (or the “official” way to install plugins from WordPress > Plugins > Add New) for its abandoned and out-of-date plugin checks.

    There’s more emphasis with plugins and themes installed from external marketplaces for site admins to be vigilant in making sure they’re always kept up-to-date. Patches being missed could result in a vulnerability being exploited, or compatibility issues as WordPress is updated over time.

    However, due to CVE records or our own Threat Intelligence work, it is possible for known vulnerable plugins from other sources being flagged during Wordfence scans.

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Can WordFence monitor themes and plugins not in the WordPress repository?’ is closed to new replies.