The “Jetpack Scan” Extension allows you to effortlessly scan all your Child Sites for potential vulnerabilities, get detailed information about each vulnerability, and take advantage of the one-click solution for most issues.
Note: The extension requires a Jetpack plugin on your Child Sites and a Jetpack Scan subscription that you can get at a discounted price from within the MainWP Dashboard.
Installing the extension
The first step is to install Jetpack plugin and activate the Jetpack Scan feature. Please follow Jetpack’s help article for details on how to do so.
After that, follow these steps to install the MainWP Jetpack Protect extension.
- Go to your MainWP Dashboard
- Go to the MainWP > Extensions page
- Click the Install Extensions button
- Locate the Jetpack Scan extension and select it
- Click the Install button
- Once the installation process is complete, click the Activate Extensions button.
Connect extension to Jetpack App
Access your WordPress.com Developer account and fill in the form in order to create an application.
The value for the Redirect URL field can be found on the Dashboard > Extensions > Jetpack Scan > Add App page.
Manage multiple apps
To add multiple apps, simply repeat the process on the Add App page.
All added apps can be managed on the Manage Apps page.
From here, Access to the account can be requested again, or the App can be removed from the extension.
The table on the overview page displays all the sites on which the Jetpack Scan is active.
The WP, Plugins and Themes columns show the number of vulnerabilities found in the respective categories.
The ellipsis menu reveals additional actions, such as the ability to hide the Jetpack plugin on the child site, and the ability to update the Jetpack plugin.
And Bulk Actions menu provides the same actions but for multiple child sites at once.
Request a scan
For a single site
Locate the desired child site in the table, and select the Request Re-can Now action from the ellipsis menu.
For multiple sites
Locate the desired child sites in the table and mark their checkboxes, then select the Request Re-can Now from the Bulk Actions menu, and click Apply.
For all sites
Simply click the Request Re-can For All Sites button.
Remote server credentials
Before Jetpack Scan can attempt to fix threats on a child site, it needs to have SSH, SFTP or FTP server credentials for that child site.
This will be indicated by the red X or green checkmark icon in the Credentials column in the table on the Overview page.
To add SSH, SFTP or FTP server credentials for child sites, please follow the steps outlined in this help article.
After doing so, click the Sync Jetpack Scan Data button to fetch the latest Jetpack Scan data.
Threats are managed on the Threats page. The page will list all of your sites that have Jetpack Scan active and the vulnerabilities for WP Core, Plugins and Themes will be shown in the last three columns.
To manage threats, click on any vulnerability count in the table,expand the specific threat, and then choose to either Ignore threat or Fix threat.
NOTE: Fixing a threat relies on the Jetpack API and may take multiple minutes to complete. You can leave this page and come back at a later time.
Depending on the Jetpack products active on a child site, a Backup may also be performed before an attempted fix, and the process can take several minutes to complete.
After you’ve either ignored or fixed a threat, the threat will be visible on the History page. The layout of the page is identical to the Threats page, so simply click on a vulnerability count of a desired child site to see the history of threat management.