mySites.guru
Over 7,000 WordPress plugin CVEs disclosed in 2024 alone

Know About WordPress
Vulnerabilities Before
Hackers Do

Thousands of WordPress plugin and theme vulnerabilities are disclosed every year. Most site owners find out weeks later — after they've already been exploited. mySites.guru watches every CVE feed and alerts you within hours, across every site you manage.

Start Monitoring Free →
No credit card All your sites, one dashboard WordPress & Joomla

80,000+

Sites monitored

Since 2012

12+ years of security data

4.6/5

Average user rating

1M+

Security audits completed

The vulnerability window is where sites get hacked

A vulnerability is disclosed. Within 24–48 hours, automated scanners operated by attackers have found every WordPress site running the affected plugin. If you haven't patched yet, you're in their sights.

Most site owners rely on WordPress's weekly update nag or stumble across a security notice in a newsletter — days or weeks after disclosure. By then, a significant portion of unpatched sites have already been compromised.

The fix is simple: know the moment a vulnerability drops, know exactly which of your sites are affected, and patch before attackers have a chance to act. That's what mySites.guru does automatically.

Without monitoring

A critical plugin vulnerability is disclosed on Monday. You hear about it the following Friday in a newsletter. Your site was scanned by attack bots on Tuesday and compromised by Wednesday.

With mySites.guru

The vulnerability is disclosed Monday morning. You receive an alert within hours showing exactly which of your sites are running the affected version. You apply the patch before lunch.

How vulnerability monitoring works

Set it up once. From that point on, mySites.guru handles the watching so you don't have to.

1

Connect your sites

Install our lightweight connector plugin on each WordPress or Joomla site. It takes about two minutes per site and reports back your full software inventory — every plugin, theme, and extension with its version number.

2

Automatic monitoring begins

We cross-reference your software inventory against the Wordfence vulnerability API, live CVE feeds, NVD, and our own research. Any time a new vulnerability matches something installed on your sites, we flag it immediately.

3

Get alerts and patch with one click

You receive an instant alert detailing the CVE, its severity score, the affected plugin or theme, and which of your sites are exposed. If a patch is available, you can apply it directly from the dashboard — no SSH, no FTP, no logging into each site individually.

Everything that can be exploited, monitored

We track vulnerabilities across the full stack of software on your sites, not just the most popular plugins.

WordPress core

Every WordPress version release is checked against known CVEs. We alert you immediately if your core installation has an unpatched vulnerability.

WordPress plugins

Tens of thousands of plugins tracked across all your sites. When a CVE drops for any plugin version you're running, you hear about it first.

WordPress themes

Theme vulnerabilities are frequently overlooked. We track parent and child themes and flag CVEs that target theme code as well as plugin code.

Joomla core & extensions

Full Joomla support including core versions, components, modules, and plugins. We're one of the only monitoring platforms that covers both CMS ecosystems.

Severity scoring

Every flagged vulnerability includes its CVSS score so you can prioritise critical and high-severity issues first. Not every CVE needs emergency action — we help you tell the difference.

Instant alerts

Notifications via email, Slack, and the dashboard the moment a relevant CVE is published. No daily digest delays — you find out when it happens.

Built for people managing more than one site

Most vulnerability scanners are designed for a single site. You paste in a URL, get a report, and move on. That works if you manage one site. If you manage ten, fifty, or two hundred, you need something that watches the whole portfolio — automatically, continuously, without you having to remember to check.

mySites.guru was built from day one for agencies and developers managing multiple sites. Every vulnerability alert tells you exactly which sites are affected, in a single view. One dashboard, all your sites, all the threats.

All your sites, not just one

Connect every site you manage. When a CVE drops, see the complete list of affected sites in one place rather than checking each one individually.

WordPress and Joomla in one place

You shouldn't need different tools for different CMS platforms. mySites.guru monitors WordPress and Joomla from a single dashboard — the only platform that does both properly.

Integrates with your workflow

Slack notifications, email alerts, and a REST API so vulnerability data can flow into whatever tools your team already uses. Security shouldn't mean switching contexts.

One-click patching at scale

Apply security updates across multiple sites simultaneously from the dashboard. No need to log into each site, navigate to the updates screen, and click update one by one.

Who uses vulnerability monitoring

From solo site owners to agencies managing hundreds of client sites, the threat is the same. The solution scales.

Agencies

One vulnerable plugin across 50 client sites is 50 support emergencies waiting to happen. mySites.guru monitors the entire portfolio and lets you push patches to every affected site before a single client calls. Retain your clients' trust, and your own sanity.

Freelancers

You're responsible for sites you built years ago and sites you took over last month. You can't manually check every plugin changelog every day. mySites.guru does the watching for you and only interrupts when something actually matters.

Site Owners

You run your own WordPress site and you update plugins when you remember to log in. mySites.guru tells you precisely when a plugin you're running becomes dangerous — so you can act fast rather than hoping nothing bad happens in the meantime.

What our users say

Common questions about vulnerability monitoring

Which vulnerability databases does mySites.guru use?
We use the Wordfence vulnerability API as our primary data source, combined with the National Vulnerability Database (NVD) and our own research. This gives us broad, reliable coverage and means we pick up vulnerabilities fast when they are disclosed.
How quickly will I get an alert after a vulnerability is disclosed?
Typically within hours of a CVE being published or a vulnerability being added to our sources. Our monitoring runs continuously — not on a daily schedule — so you are not waiting until tomorrow morning to hear about a critical flaw disclosed at midnight.
Does mySites.guru automatically patch vulnerabilities?
Yes. When a security update is available for a vulnerable plugin, theme, or CMS core, you can apply it with one click directly from the dashboard. For agencies managing large portfolios, bulk update tools let you push patches across every affected site at once. We always recommend reviewing changelogs before patching, but the option to act fast is there when you need it.
How many sites can I monitor for vulnerabilities?
As many as you need. Plans scale from a handful of sites up to hundreds. Agency plans include unlimited site monitoring with team access and white-label reporting. There is no artificial limit on the number of plugins or themes tracked per site.
Does it monitor Joomla extensions too, not just WordPress plugins?
Yes — mySites.guru is one of the very few platforms that fully supports both WordPress and Joomla. We track vulnerabilities in Joomla extensions and templates alongside WordPress plugins and themes, all from the same dashboard.
What happens if I have a vulnerable plugin I cannot update yet?
The dashboard flags the specific CVE, explains the risk, and links to the advisory so you can make an informed decision. In cases where no patch exists yet, we surface that clearly so you can consider temporarily deactivating the plugin or applying a WAF rule while you wait for the vendor to release a fix.
More questions? See pricing or run a free audit first.

More ways mySites.guru protects your sites

WordPress Site Hacked?

Free security scan for compromised WordPress sites

Joomla Site Hacked?

Free security scan for compromised Joomla sites

Malware Scanner

Deep file-level malware scanning for WordPress

Bulk Updates

Update all plugins across every site at once

Manage Multiple Sites

One dashboard for all your WordPress sites

Automated Backups

Schedule backups across thousands of sites

Real-Time Alerts

Get notified of file changes, logins, and suspicious activity

Security Headers Check

Audit HTTP security headers across all your sites

Client Reports

White-label HTML reports for your clients

Stop finding out about vulnerabilities too late

Connect your sites and get real-time CVE alerts from today. Free to start, no credit card required.

Start Monitoring Free →
No credit card WordPress & Joomla All your sites, one dashboard

Out of your depth? Need Help?

Phil Taylor

The Original Joomla Expert – Since 2004

Found issues with your Joomla or WordPress site? Get same-day expert help fixing errors, security issues, and performance problems. Flat-rate pricing, no hourly billing surprises.

  • ● Fix hacked or compromised sites
  • ● Resolve PHP errors & White Screen of Death
  • ● System upgrades & PHP 8 compatibility
  • ● Performance optimization & hosting issues
  • ● £120 flat rate per incident
Get Expert Help TODAY! →

If we can't add value, you don't pay • Same-day turnaround

20+ Years – Fixing Websites

Need Help Addressing Health Check Issues?

Phil Taylor has been fixing Joomla sites since 2004. If it were simple, you would have done it yourself by now. Get professional help from someone who's seen it all.

  • 20+ years of Joomla & PHP expertise
  • Same-day turnaround on most issues
  • No charge if we can't add value or fix the problem