Second SiteGround Security Report

All you have to do is follow our straightforward color codes: green when everything is good; yellow: needs improvement; red: definitely needs attention. You also receive an overall score for the month and information on how it has changed in comparison with the previous month.
– Daniel Kanchev

After the first report, I could have unsubscribed from the Monthly Security Reports already. This new feature from SiteGround turned out to be nothing more than masked advertising as expected. However, I was curious to see how similar the second report would be compared to the first one.

0% from previous month

I will not purchase Site Scanner, SiteGround's paid service to detect – not protect – if your website has been compromised by Malware threats. Therefore, I was not expecting any change in my Malware prevention score: 0/20. Let me reiterate that I do have a Security Scanner, not the one provided by SiteGround, though! So, I don’t need to use their Site Scanner Premium service.

In other words, I cannot envisage any improvement. On the other hand, my perfect score – 20/20 – for Detected security incidents could go down if SiteGround would detect any security issues with my site. That is why, when I saw that my score dropped -3.96% from previous month, I first panicked.

But when I looked at the breakdown of the results, I realized nothing was alarming. Everything was the same; everything except one:

WordPress application security – Checks the overall security of your WordPress application – if you are using our managed update service, if you have outdated plugins and themes, and if you have activated our WordPress security plugin.

Indeed, in the previous month’s report, I had “WordPress plugins are updated”, hence a 4/4 score. However, this time the notification was something quite different:

You have 1 outdated plugins
Please update all your plugins (learn how) and delete the ones you do not use to keep your site safe.
0/0

As it turned out, a new update for one of my plugins had been released before the SiteGround check. I knew about it – because I was immediately notified by my security plugin (before SiteGround monthly report) – but I had no time to update it at the time. It was just a matter of hours; yet, this not-yet-updated plugin cost me all 4 points. How ridiculous!

Outdated plugins

This is not the first time I have covered this issue (see A reaction plugin 2: temporary measures); yet, back then I referred to them as Abandoned plugins. As already explained, these are plugins that have not been updated for several years. This means no bug fix, no adjustment to the code (to account for changes in WordPress core), and, what is more, no patch to security holes. Unfortunately, this is the fate of many plugins in the realm of WordPress.

A WordPress plugin can become outdated if it hasn’t received any updates for a while, or if it hasn’t been tested by the plugin author to ensure its compatibility with the latest 3 major releases of WordPress.
– Syed Balkhi

There is actually a plugin – Outdated Plugin Notifier By Carl Gross – that monitors your plugins and notifies you when one becomes abandoned by its developer. I don’t use it because the security plugin I mentioned earlier – not the one by SiteGround – does provide me with this functionality already. Importantly, as opposed to the SiteGround security report, the security plugin I am using knows the difference between a plugin that needs to be updated (after the release of a new version) and one that is no longer maintained and/or supported.
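The distinction drawn above, between a plugin with a pending update and one that is no longer maintained, can be sketched as follows. This is an added example, not code from SiteGround or from any plugin named in this post; the thresholds, field names, and sample plugins are assumptions constructed for illustration.

```python
from datetime import date

# Assumptions for this sketch (not SiteGround's or any plugin's real rules):
ABANDONED_AFTER_DAYS = 2 * 365            # stand-in for "several years" without a release
RECENT_WP_MAJORS = ("6.3", "6.4", "6.5")  # constructed: the latest 3 major WordPress releases


def parse_version(v):
    """Turn '1.10.0' into (1, 10) so versions compare numerically, not as text."""
    parts = [int(p) for p in v.split(".")]  # assumes purely numeric versions
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # '3.10.0' and '3.10' are the same release
    return tuple(parts)


def major(v):
    """WordPress treats X.Y as the major release, so '6.4.2' -> '6.4'."""
    return ".".join(v.split(".")[:2])


def classify(plugin, today):
    """Return 'abandoned', 'update_available' or 'current' for one plugin."""
    stale = (today - plugin["last_release"]).days > ABANDONED_AFTER_DAYS
    untested = major(plugin["tested_up_to"]) not in RECENT_WP_MAJORS
    if stale or untested:
        return "abandoned"  # no longer maintained: updating is not an option
    if parse_version(plugin["installed"]) < parse_version(plugin["latest"]):
        return "update_available"  # maintained: a new version is simply pending
    return "current"


def report(plugins, today):
    return {p["name"]: classify(p, today) for p in plugins}


# Constructed sample data (hypothetical plugin names).
TODAY = date(2024, 6, 1)
PLUGINS = [
    {"name": "gallery-example", "installed": "2.4.0", "latest": "2.4.1",
     "last_release": date(2024, 5, 31), "tested_up_to": "6.5.3"},
    {"name": "old-widget-example", "installed": "1.0", "latest": "1.0",
     "last_release": date(2017, 3, 12), "tested_up_to": "4.7"},
    {"name": "forms-example", "installed": "3.10.0", "latest": "3.10",
     "last_release": date(2024, 2, 10), "tested_up_to": "6.4"},
]

if __name__ == "__main__":
    for name, status in report(PLUGINS, TODAY).items():
        print(f"{name}: {status}")
```
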

Now, despite the uselessness of this report, I will not – at least not yet – unsubscribe from this feature. I am still curious to see whether the Detected security incidents component does indeed supersede Site Scanner (see SiteGround Website Security Reports).

What do you think?