This post describes how you can receive Slack notifications if any vulnerable themes or plugins are found within your WordPress installation.
Pre-requisite: You’ll need the WordPress Plugin Security Scanner installed and activated.
Here is what we’re aiming to achieve — an automatic Slack notification about a WordPress vulnerability:
To start with, you need to add a new incoming webhook integration to your Slack. You can do this by visiting the Slack Incoming Webhooks page.
Choose whether you want notifications to go into a channel or arrive as a direct message.
Grab the Webhook URL; you’ll need this later.
Under “Integration Settings”, enter “wordpress-plugin-security-scanner” in the “Customize Name” field.
You’ll get a message in your Slack confirming that the integration has been added.
Log into your WordPress admin and go to Settings -> General. Tick the Webhook notification option, and paste in the Webhook URL that you copied earlier:
In your WordPress theme’s functions.php file, add the following:

    function pluginsecurityscanner_webhook_message($vulnerabilities) {
        // Decode the JSON report; the cast makes count() and foreach work
        // whether it decodes to an object or an array (or fails to decode).
        $vulnerabilities = (array) json_decode($vulnerabilities);
        $text = '';

        if (count($vulnerabilities)) {
            foreach ($vulnerabilities as $plugin_name => $plugin_vulnerabilities) {
                foreach ($plugin_vulnerabilities as $vuln) {
                    $text .= __('Vulnerability found', 'plugin-security-scanner') . ': ' . $vuln->title . "\n";
                }
            }
        } else {
            // If you want to receive a notification when NO vulnerabilities are found, uncomment this line
            // $text = 'No vulnerabilities found!';
        }

        // Slack expects a JSON body with a "text" field.
        $msg = array('text' => $text);
        return json_encode($msg);
    }
    add_filter('pluginsecurityscanner_webhook_message', 'pluginsecurityscanner_webhook_message');
Save your functions.php file and your notification system will be up and running!
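A hardened callback to use in place of the one above, as an added example that is not the plugin's own code. It escapes the three characters Slack treats as control characters (&, <, >), which matters because vulnerability titles can contain version ranges such as "<= 1.2", and it tolerates a malformed report. The pss_ function names are hypothetical and the payload shape is assumed from the snippet above.

```php
<?php
// Added example, not the plugin's code. Payload shape assumed from the
// snippet in the post: {"plugin-name": [{"title": "..."}, ...], ...}

// Slack treats &, < and > as control characters in message text.
function pss_slack_escape($s) {
    return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $s);
}

// Hypothetical replacement callback: returns the JSON body sent to Slack.
function pss_format_slack_message($json) {
    $data = json_decode($json, true);
    if (!is_array($data)) {
        // Malformed report: say so instead of silently sending nothing.
        return json_encode(array('text' => 'Security scanner sent an unreadable report.'));
    }
    $lines = array();
    foreach ($data as $plugin => $vulns) {
        if (!is_array($vulns)) {
            continue;
        }
        foreach ($vulns as $vuln) {
            if (!is_array($vuln) || !isset($vuln['title']) || !is_string($vuln['title'])) {
                continue;
            }
            // Collapse line breaks so one title cannot forge extra message lines.
            $title = preg_replace('/[\r\n]+/', ' ', $vuln['title']);
            $lines[] = pss_slack_escape((string) $plugin) . ': ' . pss_slack_escape($title);
        }
    }
    // An empty report yields empty text, as in the original callback.
    return json_encode(array('text' => implode("\n", $lines)));
}

if (function_exists('add_filter')) {
    // Inside WordPress: register on the filter named in the post.
    add_filter('pluginsecurityscanner_webhook_message', 'pss_format_slack_message');
} else {
    // Run from the CLI: constructed sample report, not real scanner output.
    $sample = '{"example-plugin":[{"title":"Example Plugin <= 1.2 - XSS & CSRF"}]}';
    echo pss_format_slack_message($sample), "\n";
}
```

Register only one callback on the filter; if both are added, the second receives the first one's output rather than the scanner's report.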
Please note: If you are installing the plugin security scanner on a commercial website, there is a support licence available.