Abandoned | Wordpress-plugin | [Security](/categories/security)

ssnepenthe/soter
================

Check your WordPress site for vulnerabilities against the WPScan vulnerabilities database API.

0.5.1 (8y ago) | 02171 | [15 issues](https://github.com/ssnepenthe/soter/issues) | GPL-2.0 | PHP | PHP >=5.4


soter
=====


This plugin checks your site for security vulnerabilities against the [WPScan Vulnerability Database](https://wpvulndb.com/) API.

Originally inspired by the [Sensio Labs Security Checker](https://github.com/sensiolabs/security-checker) and the [Friends of PHP Security Advisories](https://github.com/FriendsOfPHP/security-advisories), which unfortunately do not track WordPress vulnerabilities.

A less intrusive alternative to the [WPScan vulnerability scanner](https://wpscan.org/).

NOTE: This plugin does not verify the integrity of files on your server - it only checks installed packages by name/version against a list of known vulnerabilities provided by the WPScan API.
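
What a name/version check of this kind amounts to, as an added example that is not the plugin's own code: the record shape (`title`, `fixed_in`), the package slugs and the versions are constructed assumptions. It uses PHP's `version_compare()` so that `1.10.0` is not mistaken for older than `1.9.0`, and treats a record with no fixed version as affecting every release.

```php
<?php
// Added illustration; not code from the soter plugin.
// Assumed record shape: each vulnerability has a 'title' and a 'fixed_in'
// version, or null for 'fixed_in' when no fixed release is on record.

/**
 * Return the vulnerability records that apply to an installed version.
 */
function affecting_vulnerabilities( $installed_version, array $vulnerabilities ) {
    return array_values( array_filter(
        $vulnerabilities,
        function ( array $vulnerability ) use ( $installed_version ) {
            // No fixed release on record: every version is treated as affected.
            if ( null === $vulnerability['fixed_in'] ) {
                return true;
            }

            // Semantic comparison, so 1.10.0 is newer than 1.9.0.
            return version_compare( $installed_version, $vulnerability['fixed_in'], '<' );
        }
    ) );
}

// Constructed sample data (hypothetical slugs, versions and titles).
$installed = [
    'example-gallery' => '2.3.0',
    'example-forms'   => '1.10.0',
    'example-custom'  => '0.1.0',
];
$known = [
    'example-gallery' => [
        [ 'title' => 'Constructed: stored XSS', 'fixed_in' => '2.3.1' ],
        [ 'title' => 'Constructed: CSRF', 'fixed_in' => '2.0.0' ],
    ],
    'example-forms' => [
        [ 'title' => 'Constructed: SQL injection', 'fixed_in' => '1.9.0' ],
        [ 'title' => 'Constructed: unpatched file upload', 'fixed_in' => null ],
    ],
];

foreach ( $installed as $slug => $version ) {
    // A package with no entry yields nothing: that means "untracked", not "verified safe".
    $records = isset( $known[ $slug ] ) ? $known[ $slug ] : [];
    foreach ( affecting_vulnerabilities( $version, $records ) as $vulnerability ) {
        printf( "%s %s: %s\n", $slug, $version, $vulnerability['title'] );
    }
}
```

Nothing in a check like this reads files on disk, so a modified copy of a package that still reports a patched version produces no finding.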

Requirements
------------


WordPress 4.7 or later, PHP 5.4 or later and Composer.

Installation
------------


```
$ composer require ssnepenthe/soter
```

Usage
-----


Once activated, this plugin will check your site against the WPScan API twice daily and notify you when vulnerabilities are detected.

The plugin is configurable by visiting `settings > soter` in `wp-admin`:

- **Notification frequency:** Choose whether to receive notifications after every scan where vulnerabilities are detected or only when your site's status changes.
- **Ignored plugins and themes:** Select any packages that should not be checked against the WPScan API. This is intended for custom packages which are not tracked by the API and therefore would generate unnecessary HTTP requests or possible false positives.
- **Send email notifications:** Enable/disable email notifications.
- **Email address:** Provide an email address to notify if other than your site administrator email.
- **Email type:** Choose whether you prefer HTML or text emails.
- **Send Slack notifications:** Enable/disable Slack notifications.
- **Slack WebHook URL:** Provide a URL for a Slack "Incoming WebHook" integration if you wish to receive Slack notifications.

Extending
---------


There are two ways to easily extend the functionality of this plugin.

### Via Pimple


Use the [Pimple `extend()`](https://pimple.symfony.com/#modifying-services-after-definition) method to modify plugin services.

To add a new notifier, for example, you can extend `notifier_manager`.

This is the preferred method for adding new notifiers as it will automatically honor the frequency setting configured by the site admin.

```
class Sms_Notifier implements Soter\Notifier_Interface {
    public function is_enabled() {
        // Return boolean indicating whether this notifier is currently enabled.
    }

    public function notify( Soter_Core\Vulnerabilities $vulnerabilities ) {
        // Build and send the message.
    }
}

_soter_instance()->extend( 'notifier_manager', function( Soter\Notifier_Manager $manager, Pimple\Container $container ) {
    $manager->add( new Sms_Notifier );

    return $manager;
} );
```

### Via WordPress hooks


In the process of scanning a site, each package is individually checked against the WPScan API.

After each package check is complete, the `soter_package_check_complete` action is triggered.

```
add_action( 'soter_package_check_complete', function( Soter_Core\Vulnerabilities $vulnerabilities, Soter_Core\Response $response ) {
    switch ( $response->get_package()->get_type() ) {
        case Soter_Core\Package::TYPE_PLUGIN:
            // ...
            break;
        case Soter_Core\Package::TYPE_THEME:
            // ...
            break;
        case Soter_Core\Package::TYPE_WORDPRESS:
            // ...
            break;
    }
}, 10, 2 );
```

After all package checks are complete, the `soter_site_check_complete` action is triggered.

```
add_action( 'soter_site_check_complete', function( Soter_Core\Vulnerabilities $vulnerabilities ) {
    foreach ( $vulnerabilities as $vulnerability ) {
        // ...
    }
} );
```

Acknowledgements
----------------


This plugin wouldn't be possible without the work of the [WPScan team](https://github.com/wpscanteam) and their amazing [WPScan Vulnerabilities Database](https://wpvulndb.com/).

The email templates for this plugin are created from the [Postmark Transactional Email Templates](https://github.com/wildbit/postmark-templates) which are released under the MIT license.

WP-CLI
------


If it feels more appropriate to you to be checking your site from the command line, you're in luck! [Soter Command](https://github.com/ssnepenthe/soter-command) is a companion package for WP-CLI that allows you to do just that.

There are also at least two similar command packages available on GitHub:

- [WP Vulnerability Scanner](https://github.com/10up/wp-vulnerability-scanner) by 10up
- [WP-sec](https://github.com/markri/wp-sec) by Marco de Krijger

