ssnepenthe/soter

Check your WordPress site for vulnerabilities against the WPScan vulnerabilities database API.

Friday, October 20, 2017
by ssnepenthe
Repository
1 Watchers
0 Stars
193 Installations

PHP
0 Dependents
0 Suggesters
1 Forks
15 Open issues
11 Versions
1 % Grown

The README.md

soter

This plugin checks your site for security vulnerabilities against the WPScan Vulnerability Database API., _(*1)

Originally inspired by the Sensio Labs Security Checker and the Friends of PHP Security Advisories, which unfortunately do not track WordPress vulnerabilities., _(*2)

A less intrusive alternative to the WPScan vulnerability scanner., _(*3)

NOTE: This plugin does not verify the integrity of files on your server - it only checks installed packages by name/version against a list of known vulnerabilities provided by the WPScan API., _(*4)

Requirements

WordPress 4.7 or later, PHP 5.4 or later and Composer., _(*5)

Installation

$ composer require ssnepenthe/soter

Usage

Once activated, this plugin will check your site against the WPScan API twice daily and notify you when vulnerabilties are detected., _(*6)

The plugin is configurable by visiting settings > soter in wp-admin:, _(*7)

Notification frequency: Choose whether to receive notifications after every scan where vulnerabilities are detected or only to receive notifications when your sites status changes.
Ignored plugins and themes: Select any packages that should not be checked against the WPScan API. This is intended for custom packages which are not tracked by the API and therefore would generate unnecessary HTTP requests or possible false positives.
Send email notifications: Enable/disable email notifications.
Email address: Provide an email address to notify if other than your site administrator email.
Email type: Choose whether you prefer HTML or text emails.
Send Slack notifications: Enable/disable Slack notifications.
Slack WebHook URL: Provide a URL for a Slack "Incoming WebHook" integration if you wish to receive Slack notifications.

Extending

There are two ways to easily extend the functionality of this plugin., _(*8)

Via Pimple

Use the Pimple extend() method to modify plugin services., _(*9)

To add a new notifier, for example, you can extend notifier_manager., _(*10)

This is the preferred method for adding new notifiers as it will automatically honor the frequency setting configured by the site admin., _(*11)

class Sms_Notifier implements Soter\Notifier_Interface {
    public function is_enabled() {
        // Return boolean indicating whether this notifier is currently enabled.
    }

    public function notify( Soter_Core\Vulnerabilities $vulnerabilities ) {
        // Build and send the message.
    }
}

_soter_instance()->extend( 'notifier_manager', function( Soter\Notifier_Manager $manager, Pimple\Container $container ) {
    $manager->add( new Sms_Notifier );

    return $manager;
} );

Via WordPress hooks

In the process of scanning a site, each package is individually checked against the WPScan API., _(*12)

After each package check is complete, the soter_package_check_complete action is triggered., _(*13)

add_action( 'soter_package_check_complete', function( Soter_Core\Vulnerabilities $vulnerabilities, Soter_Core\Response $response ) {
    switch ( $response->get_package()->get_type() ) {
        case Soter_Core\Package::TYPE_PLUGIN:
            // ...
        case Soter_Core\Package::TYPE_THEME:
            // ...
        case Soter_Core\Package::TYPE_WORDPRESS:
            // ...
    }
}, 10, 2 );

After all package checks are complete, the soter_site_check_complete action is triggered., _(*14)

add_action( 'soter_site_check_complete', function( Soter_Core\Vulnerabilities $vulnerabilities ) {
    foreach ( $vulnerabilities as $vulnerability ) {
        // ...
    }
} );

Acknowledgements

This plugin wouldn't be possible without the work of the WPScan team and their amazing WPScan Vulnerabilities Database., _(*15)

The email templates for this plugin are created from the Postmark Transactional Email Templates which are released under the MIT license., _(*16)

WP-CLI

If it feels more appropriate to you to be checking your site from the command line, you're in luck! Soter Command is a companion package for WP-CLI that allows you to do just that., _(*17)

There are also at least two similar command packages available on Github:, _(*18)

WP Vulnerability Scanner by 10up
WP-sec by Marco de Krijger

The Versions

20/10 2017

dev-master

9999999-dev https://github.com/ssnepenthe/soter

Check your WordPress site for vulnerabilities against the WPScan vulnerabilities database API.

Sources Download

GPL-2.0

The Requires

The Development Requires

psy/psysh ^0.8

20/10 2017

0.5.1

0.5.1.0 https://github.com/ssnepenthe/soter

Check your WordPress site for vulnerabilities against the WPScan vulnerabilities database API.

Sources Download

GPL-2.0

The Requires

The Development Requires

psy/psysh ^0.8

24/09 2017

0.5.0

0.5.0.0 https://github.com/ssnepenthe/soter

Check your WordPress site for vulnerabilities against the WPScan vulnerabilities database API.

Sources Download

GPL-2.0

The Requires

The Development Requires

31/01 2017

0.4.0

0.4.0.0 https://github.com/ssnepenthe/soter

Check your full site for vulnerabilities against the WPScan vulnerabilities database API.

Sources Download

GPL-2.0

The Requires

php >=5.6
composer/installers ^1.0

The Development Requires

08/06 2016

0.3.0

0.3.0.0 https://github.com/ssnepenthe/soter

Check your full site for vulnerabilities against the WPVulnDB API.

Sources Download

GPL-2.0

The Requires

php >=5.5

The Development Requires

12/05 2016

0.2.1

0.2.1.0 https://github.com/ssnepenthe/soter

Check your Composer dependencies for security vulnerabilities against the WPVulnDB API.

Sources Download

GPL-2.0

The Requires

The Development Requires

11/05 2016

0.2.0

0.2.0.0 https://github.com/ssnepenthe/soter

Check your Composer dependencies for security vulnerabilities against the WPVulnDB API.

Sources Download

GPL-2.0

The Requires

The Development Requires

29/02 2016

0.1.4

0.1.4.0 https://github.com/ssnepenthe/soter

Check your Composer dependencies for security vulnerabilities against the WPVulnDB API.

Sources Download

GPL-2.0

The Requires

php >=5.4
ssnepenthe/composer-utilities ^0.2.1
symfony/console ~2.0||~3.0

06/01 2016

0.1.3

0.1.3.0 https://github.com/ssnepenthe/soter

Check your Composer dependencies for security vulnerabilities against the WPVulnDB API.

Sources Download

GPL-2.0

The Requires

php >=5.4
ssnepenthe/composer-utilities ^0.1.0
symfony/console ~2.0||~3.0

04/01 2016

0.1.2

0.1.2.0 https://github.com/ssnepenthe/soter

Check your Composer dependencies for security vulnerabilities against the WPVulnDB API.

Sources Download

GPL-2.0

The Requires

php >=5.4
ssnepenthe/composer-utilities ^0.1.0
symfony/console ^3.0

12/12 2015

0.1.0

0.1.0.0 https://github.com/ssnepenthe/soter

Check your Composer dependencies against the WPVulnDB API and the Sensio Labs Security Advisory Database.

Sources Download

GPL-2.0

The Requires

php >=5.4
ssnepenthe/composer-utilities ^0.1.0
symfony/console ^3.0

wordpress-plugin soter

Check your WordPress site for vulnerabilities against the WPScan vulnerabilities database API.

ssnepenthe/soter

The README.md

soter

Requirements

Installation

Usage

Extending

Via Pimple

Via WordPress hooks

Acknowledgements

WP-CLI

The Versions

dev-master

The Requires

The Development Requires

0.5.1

The Requires

The Development Requires

0.5.0

The Requires

The Development Requires

0.4.0

The Requires

The Development Requires

0.3.0

The Requires

The Development Requires

0.2.1

The Requires

The Development Requires

0.2.0

The Requires

The Development Requires

0.1.4

The Requires

0.1.3

The Requires

0.1.2

The Requires

0.1.0

The Requires