— Get started · Introduction
What is vScan?
vScan continuously monitors your WordPress site for known vulnerabilities — inventorying every plugin, theme, core file, and runtime, then cross-referencing against a live CVE feed.
What vScan does
- Inventories your site — every active and inactive plugin, every theme, WordPress core, PHP runtime, web server software, and loaded PHP extensions.
- Checks for CVEs — sends the inventory to the AskarLabs API, which cross-references it against a continuously updated vulnerability database.
- Calculates a Security Score — a 0–100 score that reflects how many vulnerable items you have and how severe their CVEs are.
- Shows actionable results — a filterable table listing every scanned item, its status (Vulnerable / Secure / Unknown), and direct links to CVE records on the National Vulnerability Database (NVD).
- Scans automatically — runs on a schedule without you needing to remember to check (Free plan: once per day; Premium: up to 25 times per day).
Key concepts
| Concept | What it means |
|---|---|
| Inventory | The full list of software components collected from your site before each scan |
| CVE | A public vulnerability record (Common Vulnerabilities and Exposures) with an ID, severity, and description |
| Security Score | A 0–100 number that summarises your site's vulnerability posture |
| API key | Your personal credential that connects the plugin to the AskarLabs vulnerability feed |
| Domain binding | Your API key is permanently locked to the site it is first saved on |
| Rate limit | The maximum number of scans you can trigger within a 24-hour window |
How a scan works
- The plugin collects your full site inventory.
- The inventory is sent securely to the AskarLabs API over HTTPS.
- The API enriches each item with
statusandcvesfields and returns the result. - The plugin stores the enriched results and recalculates your Security Score.
- The dashboard updates to show the latest findings.
The whole process typically takes under 30 seconds.
Documentation map
| Page | What it covers |
|---|---|
| Installation | Installing and activating the plugin |
| Getting started | First-time setup and connecting your API key |
| Dashboard | Reading the scan results dashboard |
| Security score | How the security score is calculated |
| What gets scanned | Everything the plugin inventories |
| Scanning | Manual scans, automatic scheduling, and scan history |
| API key | Getting, managing, and renewing your API key |
| Plans | Free vs Premium plan comparison |
| Rate limiting | Rate limits and what to do when you hit one |
| Troubleshooting | Common issues and how to fix them |
