1. Since the plugin must be updated in order for it to detect new vulnerabilities, and there haven't been any new vulnerabilities added in almost 4 years, this usually isn't very useful as a security plugin.
2. Since users have to update the plugin for it to be able to detect new vulnerabilities, chances are that they've already installed the security patch for the vulnerable plugin by the time this plugin informs them of the issue.
3. The plugin includes the list of vulnerabilities directly in the plugin files.
I'm finding the combination of Wordfence and Plugin Security Scanner to be cheap, since they both run scans automatically on a daily basis and send email notifications if files are found.
Among many security features, Wordfence scans plugin files and compares them to the original versions from the WordPress repository.
It generates notifications if plugins are out of date, and it shows the changes to the files so site admins can see whether they were done automatically or whether they are indeed malicious.
It also checks for signatures of known malicious files and scans file contents and the directory for backdoors, viruses and suspicious code.
As for Plugin Security Scanner, it determines whether any plugins have security vulnerabilities by looking them up in the WPScan Vulnerability Database.
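
The file comparison described above can be sketched in a few lines. This is an added example, not Wordfence's code or code from the original page: it hashes an installed plugin directory and classifies each file against a known-good manifest. The plugin name `example-plugin`, the file names and the `{path: sha256}` manifest format are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_reference(installed_dir, reference):
    """Classify installed files against a known-good {path: sha256} manifest."""
    installed = hash_tree(installed_dir)
    return {
        "modified": sorted(f for f in installed
                           if f in reference and installed[f] != reference[f]),
        "added": sorted(f for f in installed if f not in reference),
        "missing": sorted(f for f in reference if f not in installed),
    }


def demo():
    """Constructed sample: a pristine plugin copy and a changed installed copy."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine = Path(tmp, "pristine", "example-plugin")
        installed = Path(tmp, "site", "example-plugin")
        for base in (pristine, installed):
            (base / "inc").mkdir(parents=True)
            (base / "example-plugin.php").write_text("<?php // plugin bootstrap\n")
            (base / "inc" / "helpers.php").write_text("<?php // helpers\n")
            (base / "readme.txt").write_text("Example plugin\n")
        # Simulate changes on the live site: one edit, one new file, one deletion.
        (installed / "inc" / "helpers.php").write_text("<?php // helpers, edited\n")
        (installed / "inc" / "cache.php").write_text("<?php // not in the release\n")
        (installed / "readme.txt").unlink()
        return compare_to_reference(installed, hash_tree(pristine))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Files reported as `added` deserve the closest look, since a file that is not part of the released plugin has no legitimate original to compare against.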