Revision: September 06, 2021
Getting quickly informed when a security update is available in your themes or plugins is an important factor in keeping your website safe.
A few months ago, we introduced a new feature in our WordPress WAF plugin, NinjaFirewall (WP/WP+ Edition):
Enabled by default in the Event Notifications page, this feature automatically informs you by email when there’s a security update available. Here’s an example of notification sent by NinjaFirewall:
In addition to email notifications, NinjaFirewall will also highlight the plugin in the WordPress admin dashboard:
Every hour, NinjaFirewall connects to our servers, downloads the list of the latest security updates (<3 months) available and compares it to the themes and plugins installed on your blog. If one of them is in that list, you’re immediately notified and asked to update it.
However, the most interesting part of that feature is that it will not alert you about known vulnerabilities only, but about undisclosed ones as well. For instance, there are currently 260+ recent security updates in our list, but only 60 of them have been publicly disclosed, either by us or by other security companies or individuals. 200 of them – or 77% – are and will remain undisclosed for various reasons.