Guides · 12 min read

Every Free WordPress Security Tool Inside WP Vanguard

By WP Vanguard Team

Every Free WordPress Security Tool Inside WP Vanguard

Most WordPress security tools charge a monthly subscription before you can do anything useful. WP Vanguard takes a different approach: the tools you need to stay informed about your site's security and health are free. You pay only when you need something that costs us real compute -- a deep SSH scan or a malware cleanup.

This post walks through every free feature in WP Vanguard, what it does, and how it helps you catch problems before they become emergencies. Whether you run a single blog or manage a hundred client sites, every feature described here is included with every account at no cost.

Surface Vulnerability Scanner

The scanner is where most people start with WP Vanguard. Enter any WordPress URL at wpvanguard.com and get a security report in under two minutes. No login required. No plugin to install. No server access needed.

The surface scan checks your site from the outside -- the same perspective an attacker would have -- and reports on:

Every finding comes with a severity rating and a clear explanation of what it means and what to do about it. The report is shareable, downloadable, and stored in your account if you are logged in.

Why This Matters

WordPress powers over 40% of the web. That makes it the most targeted CMS on the planet. Outdated plugins with known CVEs are the single most common entry point for attackers. A surface scan tells you in seconds whether your site has any publicly known vulnerabilities -- the same ones automated scanners and botnets are already probing for.

Running a scan after every plugin update, theme change, or WordPress core update is the simplest habit that catches the most common security problems.

Uptime Monitoring

Your site going down is the most urgent problem you can have. Every minute offline is lost visitors, lost revenue, and lost trust. The problem is that most site owners find out their site is down the same way their visitors do -- they try to visit it and get an error.

WP Vanguard checks your site every 5 minutes, 24 hours a day, 7 days a week. When your site fails a check, you get an email within minutes. When it comes back up, you get a recovery notification with the total downtime duration.

Your dashboard shows:

Why This Matters

Server crashes, failed plugin updates, hosting provider outages, and misconfigured deployments all cause downtime. Without monitoring, you find out when a customer emails you or when you happen to check the site yourself. Five-minute checks mean you know within minutes, not hours. That is the difference between a quick fix and an all-day outage you did not notice until the afternoon.

SSL Certificate Expiry Monitoring

When an SSL certificate expires, every visitor sees a browser warning: "Your connection is not private." Chrome, Firefox, and Safari all show it. Most visitors leave immediately. The traffic impact is instant and severe.

SSL certificates expire on a fixed schedule -- every 90 days for Let's Encrypt, annually for most paid certificates. Auto-renewal can fail silently. Hosting provider renewal emails get buried in spam. The result is that SSL expiry is one of the most common causes of preventable site downtime.

WP Vanguard checks your SSL certificate daily and alerts you at three points:

Why This Matters

A 30-day warning gives you weeks of lead time for something that takes 10 minutes to fix. Without monitoring, you find out when the certificate has already expired and visitors are already seeing warnings. The goal is that you never reach that point.

Domain Name Expiry Monitoring

An expired domain is worse than an expired SSL certificate. When a domain expires, your site goes completely offline. If you do not renew quickly, the domain enters a redemption period and eventually becomes available for anyone to register. Domain squatters actively watch for expiring domains with established traffic and backlinks. Losing a domain you have built over years is painful and sometimes impossible to reverse.

Domain renewals happen once a year, making them easy to forget. Auto-renewal relies on a payment method staying current. Registrar notification emails end up in spam.

WP Vanguard performs a daily WHOIS lookup for each of your sites and alerts you:

Why This Matters

You do not think about your domain 364 days of the year. On the one day that matters, an automated alert is the difference between a routine renewal and a domain recovery nightmare.

Google Blacklist Monitoring

When Google Safe Browsing flags your site, Chrome, Firefox, and Safari all show a full-screen red warning to every visitor. Search traffic drops 50% to 90% within 24 hours. The ranking damage persists even after cleanup and delisting.

Getting blacklisted usually means your site is already compromised -- infected with malware that redirects visitors, injects spam, or serves phishing pages. The malware is often designed to hide from logged-in administrators, so you might not notice it at all until Google flags you.

WP Vanguard checks your site against Google Safe Browsing weekly. If your site is flagged, you get an immediate alert with next steps:

  1. Run a deep scan to identify the infection
  2. Request a cleanup to remove the malware
  3. Submit a review request to Google after cleanup

You can also run an on-demand check any time by clicking "Check now" on the blacklist card in your dashboard.

Why This Matters

The average time between a site getting compromised and the owner finding out is weeks. Blacklist monitoring shortens that to days at most. Catching it early means less SEO damage, fewer affected visitors, and a faster path back to clean.

Performance Score Tracking

Site speed is a Google ranking factor. PageSpeed Insights gives you the same score Google uses as part of its ranking signals. A site scoring 85 today might drop to 60 after a few plugin updates and a new widget -- and you might not notice until search rankings start slipping.

Every Monday, WP Vanguard fetches a PageSpeed Insights mobile score for each of your sites. Mobile matters most because Google uses mobile-first indexing.

Score ranges follow Google's thresholds:

You can also trigger an on-demand check after making performance changes -- new caching, image optimization, theme switch -- to see the immediate impact.

Why This Matters

Performance tracking is not a diagnostic tool. It is an early warning system. A sudden score drop tells you something changed. Without tracking, performance degradation is invisible until you lose rankings.

Vulnerability Alerts

When a new CVE is published for a plugin version installed on one of your sites, WP Vanguard sends you an email immediately -- not when you run your next scan, but when the vulnerability is disclosed.

This works because the surface scan detects your installed plugin and theme versions. WP Vanguard's vulnerability database syncs daily with Wordfence Intelligence, Patchstack, WPScan, and the NVD. When a new CVE matches a version running on your site, the alert fires automatically.

Why This Matters

The window between public vulnerability disclosure and mass exploitation is shrinking. For critical unauthenticated vulnerabilities, automated exploitation can begin within hours. Getting an alert the day a CVE drops instead of whenever you happen to run your next scan gives you the head start you need to update before attackers arrive.

Weekly Digest Email

Every Monday morning, WP Vanguard sends a single summary email covering all your sites:

One email, every site, once a week.

Why This Matters

Individual alerts are essential for urgent problems. But the weekly digest gives you the big picture. It is the email you scan over coffee on Monday morning to confirm everything is running cleanly -- or to catch the one site that needs attention before the week gets busy.

Scheduled Scanning

Set any site to scan automatically on a weekly or monthly schedule. The scan runs at the scheduled time, results are stored in your dashboard, and you get an email if new issues are found.

This is useful for sites where you want continuous security coverage without remembering to manually trigger scans. Set the schedule once and it runs indefinitely.

Why This Matters

Security is not a one-time check. Plugins get updated, new vulnerabilities are disclosed, configurations change. Scheduled scanning ensures your sites are checked regularly without relying on you to remember.

Health Score

Every scan produces a health score from 0 to 100 based on the findings. The score weighs critical issues heavily, high issues moderately, and medium issues lightly. A score of 100 means no issues were found. Lower scores indicate problems that need attention, with the most severe findings pulling the score down the fastest.

The health score appears on your dashboard next to every site, giving you an instant visual indicator of which sites are healthy and which need work.

Why This Matters

When you manage multiple sites, you need a way to triage. The health score tells you at a glance which site to look at first. A site at 95 probably just needs a plugin update. A site at 40 needs immediate investigation.

PDF Reports with AI Explanations

After a deep scan, WP Vanguard generates a downloadable PDF report. Each finding includes an AI-generated explanation of what the issue means, why it matters, and specific steps to fix it -- written in plain language, not security jargon.

The PDF is designed to be shared with clients, stakeholders, or anyone who needs to understand the security status of a site without interpreting raw scan output.

Why This Matters

Security findings are useless if the person responsible for the site does not understand them. AI-generated explanations bridge the gap between technical scan output and actionable information. For agencies, the PDF report is the deliverable you hand to a client.

For Agencies and Developers

Everything above scales to portfolios. When you manage 20, 50, or 200 WordPress sites, the value of WP Vanguard shifts from "I know my site is secure" to "I can see the security status of every site I manage in one place."

Dashboard view. Every site card shows health score, uptime percentage, SSL status, and performance score side by side. You can scan your entire portfolio in a single view and immediately see which sites have problems. Red stands out. Green means clear.

Email alerts at scale. When a client's site goes down at 2am, you get the email. When an SSL certificate is 7 days from expiry, you know before the client does. Proactive resolution instead of reactive firefighting.

Weekly digest for portfolio management. One email summarizing the status of every site. The Monday morning check that tells you what needs attention this week.

Partner API. For agencies and hosting providers who want to integrate scanning and monitoring into their own workflows, the Partner API supports surface scans, deep scans, bulk scanning, and webhook notifications via REST endpoints. Build monitoring dashboards, automate client reporting, or trigger scans from your deployment pipeline.

What Is Free vs. What Costs Money

The line is simple: monitoring and scanning are free. Intensive per-site work costs money.

Feature Cost
Surface vulnerability scan Free
Uptime monitoring (every 5 min) Free
SSL certificate expiry alerts Free
Domain name expiry alerts Free
Google blacklist monitoring Free
Performance score tracking Free
Vulnerability alerts Free
Weekly digest email Free
Scheduled scanning Free
Health score dashboard Free
Deep SSH scan (20 checks) $1 per scan
Malware cleanup + hardening $49 per site (first cleanup free)
PDF report with AI explanations Included with deep scan

No subscriptions. No monthly fees. No feature gates on the free tier. Pay only when you need deep scanning or cleanup.

Getting Started

If you already have a WP Vanguard account, every feature described here is already active. Check your dashboard to see monitoring data, health scores, and alerts.

If you have not tried WP Vanguard yet, start with a free scan. Enter your URL at wpvanguard.com and get results in under two minutes. Create an account to add your site and monitoring starts automatically -- no configuration, no plugin install.

Every feature works without installing anything on your WordPress site. Uptime, SSL, domain, blacklist, and performance checks all run externally from our servers. Deep scans and cleanups are the only features that require SSH access.


Scan your site free | View pricing | Partner API for agencies | Documentation

wordpress-security monitoring free-tools uptime vulnerability-scanner

Related reading

Check Your WordPress Site Security

Free scan, no login required. Find vulnerabilities before attackers do.

Scan Your Site Free

Get weekly WordPress security tips

Vulnerability alerts, plugin updates, and security guides. No spam. Unsubscribe any time.

WP Vanguard is built by Wbcom Designs, makers of Reign, Jetonomy, Listora, and more. Explore our WordPress products →
← Back to Blog