{"id":19433202,"url":"https://github.com/ssnepenthe/soter","last_synced_at":"2026-04-29T14:08:06.667Z","repository":{"id":57058720,"uuid":"47468208","full_name":"ssnepenthe/soter","owner":"ssnepenthe","description":"Check your WordPress site for vulnerabilities against the WPScan Vulnerabilities Database API.","archived":false,"fork":false,"pushed_at":"2017-10-19T23:04:16.000Z","size":316,"stargazers_count":0,"open_issues_count":15,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-07T02:37:28.543Z","etag":null,"topics":["email-notifications","php","slack-notifications","vulnerabilities","wordpress","wordpress-plugin","wpscan-vulnerability-database","wpvulndb"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ssnepenthe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-12-05T18:48:16.000Z","updated_at":"2017-09-27T03:35:06.000Z","dependencies_parsed_at":"2022-08-24T07:30:38.122Z","dependency_job_id":null,"html_url":"https://github.com/ssnepenthe/soter","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/ssnepenthe/soter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssnepenthe%2Fsoter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssnepenthe%2Fsoter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssnepenthe%2Fsoter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssnepenthe%2Fsoter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ssnepenthe","download_url":"https://codeload.github.com/ssnepenthe/soter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssnepenthe%2Fsoter/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260016032,"owners_count":22946319,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["email-notifications","php","slack-notifications","vulnerabilities","wordpress","wordpress-plugin","wpscan-vulnerability-database","wpvulndb"],"created_at":"2024-11-10T14:38:46.528Z","updated_at":"2026-04-29T14:08:01.646Z","avatar_url":"https://github.com/ssnepenthe.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# soter\nThis plugin checks your site for security vulnerabilities against the [WPScan Vulnerability Database](https://wpvulndb.com/) API.\n\nOriginally inspired by the [Sensio Labs Security Checker](https://github.com/sensiolabs/security-checker) and the [Friends of PHP Security Advisories](https://github.com/FriendsOfPHP/security-advisories), which unfortunately do not track WordPress vulnerabilities.\n\nA less intrusive alternative to the [WPScan vulnerability scanner](https://wpscan.org/).\n\nNOTE: This plugin does not verify the integrity of files on your server - it only checks installed packages by name/version against a list of known vulnerabilities provided by the WPScan API.\n\n## Requirements\nWordPress 4.7 or later, PHP 5.4 or later and Composer.\n\n## Installation\n```\n$ composer require ssnepenthe/soter\n```\n\n## Usage\nOnce activated, this plugin will check your site against the WPScan API twice daily and notify you when vulnerabilties are detected.\n\nThe plugin is configurable by visiting `settings \u003e soter` in `wp-admin`:\n\n* **Notification frequency:** Choose whether to receive notifications after every scan where vulnerabilities are detected or only to receive notifications when your sites status changes.\n* **Ignored plugins and themes:** Select any packages that should not be checked against the WPScan API. This is intended for custom packages which are not tracked by the API and therefore would generate unnecessary HTTP requests or possible false positives.\n* **Send email notifications:** Enable/disable email notifications.\n* **Email address:** Provide an email address to notify if other than your site administrator email.\n* **Email type:** Choose whether you prefer HTML or text emails.\n* **Send Slack notifications:** Enable/disable Slack notifications.\n* **Slack WebHook URL:** Provide a URL for a Slack \"Incoming WebHook\" integration if you wish to receive Slack notifications.\n\n## Extending\nThere are two ways to easily extend the functionality of this plugin.\n\n### Via Pimple\nUse the [Pimple `extend()`](https://pimple.symfony.com/#modifying-services-after-definition) method to modify plugin services.\n\nTo add a new notifier, for example, you can extend `notifier_manager`.\n\nThis is the preferred method for adding new notifiers as it will automatically honor the frequency setting configured by the site admin.\n\n```PHP\nclass Sms_Notifier implements Soter\\Notifier_Interface {\n    public function is_enabled() {\n        // Return boolean indicating whether this notifier is currently enabled.\n    }\n\n    public function notify( Soter_Core\\Vulnerabilities $vulnerabilities ) {\n        // Build and send the message.\n    }\n}\n\n_soter_instance()-\u003eextend( 'notifier_manager', function( Soter\\Notifier_Manager $manager, Pimple\\Container $container ) {\n    $manager-\u003eadd( new Sms_Notifier );\n\n    return $manager;\n} );\n```\n\n### Via WordPress hooks\nIn the process of scanning a site, each package is individually checked against the WPScan API.\n\nAfter each package check is complete, the `soter_package_check_complete` action is triggered.\n\n```PHP\nadd_action( 'soter_package_check_complete', function( Soter_Core\\Vulnerabilities $vulnerabilities, Soter_Core\\Response $response ) {\n    switch ( $response-\u003eget_package()-\u003eget_type() ) {\n        case Soter_Core\\Package::TYPE_PLUGIN:\n            // ...\n        case Soter_Core\\Package::TYPE_THEME:\n            // ...\n        case Soter_Core\\Package::TYPE_WORDPRESS:\n            // ...\n    }\n}, 10, 2 );\n```\n\nAfter all package checks are complete, the `soter_site_check_complete` action is triggered.\n\n```PHP\nadd_action( 'soter_site_check_complete', function( Soter_Core\\Vulnerabilities $vulnerabilities ) {\n    foreach ( $vulnerabilities as $vulnerability ) {\n        // ...\n    }\n} );\n```\n\n## Acknowledgements\nThis plugin wouldn't be possible without the work of the [WPScan team](https://github.com/wpscanteam) and their amazing [WPScan Vulnerabilities Database](https://wpvulndb.com/).\n\nThe email templates for this plugin are created from the [Postmark Transactional Email Templates](https://github.com/wildbit/postmark-templates) which are released under the MIT license.\n\n## WP-CLI\nIf it feels more appropriate to you to be checking your site from the command line, you're in luck! [Soter Command](https://github.com/ssnepenthe/soter-command) is a companion package for WP-CLI that allows you to do just that.\n\nThere are also at least two similar command packages available on Github:\n\n* [WP Vulnerability Scanner](https://github.com/10up/wp-vulnerability-scanner) by 10up\n* [WP-sec](https://github.com/markri/wp-sec) by Marco de Krijger\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fssnepenthe%2Fsoter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fssnepenthe%2Fsoter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fssnepenthe%2Fsoter/lists"}