Detect Security Bugs Using Vulnerability Scanner
Emmad avatar
Written by Emmad
Updated over a week ago

Table of Contents

At Cloudways, we've always been committed to simplifying web hosting and implementing the best security practices. Teaming up with PatchStack allowed us to further that mission by introducing a revolutionary Vulnerability Scanner, an essential tool designed to safeguard WordPress applications.

In this article, we will look at what a Vulnerability Scanner is and how it can help you stay proactive in protecting your WordPress applications.

Before diving deep, let's understand vulnerability, threat, and exploit.

  • Vulnerabilities are weaknesses or flaws within websites that could be exploited by potential threats.

  • Threats encompass any potential dangers, whether posed by cybercriminals, malware, or other malicious entities, that could take advantage of these vulnerabilities to compromise website security.

  • Exploits are the tools, techniques, or code used to capitalize on specific vulnerabilities, serving as how threats breach systems or networks.

Therefore, the goal is to identify and address vulnerabilities to avoid potential threats and their corresponding exploit methods, ensuring that the website is always protected.

What is Vulnerability Scanner

The Vulnerability Scanner, powered by PatchStack, is a dedicated solution meticulously designed for real-time monitoring and immediate notification of potential threats lurking within your WordPress application's components. Its primary function is to comprehensively scan your application and detect vulnerabilities within your website core, themes, and plugins. Beyond detection, the scanner proactively informs you of these vulnerabilities and offers insightful recommendations to mitigate risks effectively.

This scanner plays a pivotal role in maintaining the security of your application by ensuring you stay well-informed about potential threats that could be exploited by malicious actors. It functions as a vigilant guardian, tirelessly identifying vulnerable themes and plugins within your WordPress application and promptly notifying you about them. This ensures you can take swift and informed actions to prevent hacking attempts, bolstering your website's defenses.

While the Vulnerability Scanner is adept at mitigating possible vulnerabilities, it's essential to recognize that no system is entirely immune to exploitation. However, its capabilities align perfectly with our overarching goals at Cloudways - to empower and educate our customers in the pursuit of robust website security.


It's important to note that this solution operates independently, which means it doesn't require any additional plugins to be installed on your site for detecting vulnerabilities. It seamlessly integrates with your WordPress applications, offering a hassle-free and effective approach to strengthening your WordPress applications.

Why Should You Use Vulnerability Scanner

A common challenge we've observed is that many website owners refrain from updating their applications, believing their sites to be secure. In the view that 'if it's not broken, there's no need to fix it,' they often leave their websites vulnerable to unforeseen threats.

The Vulnerability Scanner serves as an education tool, bridging this knowledge gap by raising awareness about potential vulnerabilities and security gaps, thereby encouraging you to take proactive measures to keep your websites secure.

With this Vulnerability Scanner, you are ahead of the rest of the world in identifying those vulnerabilities within your application even before they are announced publicly. Once they are announced, the websites with those vulnerabilities are on target by malicious actors.

How to Use Vulnerability Scanner

Here's how you can view all the vulnerabilities of your application and learn how to use it.


Vulnerability Scanner is only available on Cloudways New Interface for WordPress applications, including WooCommerce and Multisite.

Log in to your Cloudways Platform using your credentials.

  1. From the top menu bar, open Servers.

  2. Then, choose the server where your desired application is deployed.

  3. Next, click www.

  4. Choose your application.

  5. Under Application Management, select Vulnerability Scanner.

  6. Here, you will notice the following three sections, e.g., Core, Plugins, and Themes in which you can check which items are secured and which either require an upgrade or need to be deactivated and removed. Here, you must look at the 'Status' and 'Recommendation' columns.

    1. Secure: It means that there is no known vulnerabilities.

    2. Insecure: Here we have two scenarios:

      1. Update is available from plugin/theme developer

      2. Update is unavailable so you need to remove the plugin/theme.

  7. You may also click Refresh to run a fresh vulnerability scan check to review the vulnerabilities. This option is useful when you have executed the pending WordPress updates recently and now you want to verify if they are all secured. Please note that you can only refresh every 10 minutes.

  8. The View Details button will take you the vulnerability report of that specific item provided by PatchStack once vulnerability is detected.


For any queries concerning these vulnerabilities, it would be best to get in touch with the respective theme/plugin author. While we ourselves can’t fix the theme/plugin, we are glad to provide information and help manage your WordPress updates.

You also get notifications via email and slack/custom channel set using CloudwaysBot when vulnerabilities are detected.

Please note that there may have been a minor time gap between the vulnerability scan of your application and the delivery of this notification. If you have already resolved these issues, you can simply disregard this message.


With SafeUpdates, you can enjoy peace of mind like never before. Our cutting-edge service removes the heavy lifting by automatically updating your WordPress core, plugins, and themes. This means you can rest easy, knowing potential vulnerabilities are swiftly addressed. It's like having a dedicated security guard for your website, ensuring your online presence remains safe and sound. Stay worry-free with SafeUpdates, and let us keep your site up-to-date and secure!

That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.


Is the Vulnerability Scanner also a malware scanner?

No, the Vulnerability Scanner is not a malware scanner. While a malware scanner detects and removes malicious code, the Vulnerability Scanner focuses on identifying weaknesses and flaws in your WordPress application, providing insights into potential threats before they can be exploited.

Why should I use the Cloudways Vulnerability Scanner?

The Cloudways Vulnerability Scanner is essential for real-time monitoring and immediate notification of potential threats within your WordPress application. It proactively scans and detects vulnerabilities in your website's core, themes, and plugins, empowering you to quickly strengthen your website's defenses.

How do I utilize the Vulnerability Scanner on Cloudways?

To use the Vulnerability Scanner on Cloudways, please follow this step-by-step guide.

Can the Vulnerability Scanner fix vulnerabilities in themes or plugins?

No, the Vulnerability Scanner operates independently and doesn't directly fix vulnerabilities in themes or plugins. It serves as a monitoring and notification tool. For any queries or actions regarding vulnerabilities, it's recommended to contact the respective theme or plugin author. However, Cloudways is available to provide information and assistance in managing WordPress updates.

How does the Vulnerability Scanner contribute to website security?

The Vulnerability Scanner enhances website security by acting as a vigilant guardian. It raises awareness about potential vulnerabilities, educates users about security gaps, and encourages proactive measures to keep websites secure. By staying informed about vulnerabilities before they are publicly announced, users can take preemptive actions to protect their WordPress applications from potential threats.

Did this answer your question?