OOPSpam logo

Security monitoring for WordPress

OOPVulns Vulnerability Scanner

Monitor WordPress core, plugins, and themes for known vulnerabilities with a modern, accessible dashboard and optional email alerts.

Install the WordPress plugin →
Get your API Key →
OOPVulns dashboard illustration

Comprehensive scanning coverage

OOPVulns scans all major parts of your WordPress installation to catch known security issues before they become incidents.
  • WordPress core version checks
  • Installed plugin slug and version checks
  • Installed theme slug and version checks

Key features

OOPVulns is designed for practical, low-overhead security monitoring inside WordPress admin.
  • Explicit opt-in vulnerability scanning
  • Automatic daily or weekly scans
  • Email notifications for detected vulnerabilities
  • Modern dashboard with detailed findings
  • Severity labels: Critical, High, Medium, Low
  • Update guidance for fix availability
An illustration on how OOPSpam Anti-Spam API detects spam.

How it works

The plugin checks versions of core, plugins, and themes against the OOPSpam vulnerability database and displays findings in the dashboard.

Installation and setup

  1. Install and activate the OOPVulns plugin in WordPress.
  2. Go to Tools → Vulnerability Scanner.
  3. Enter your OOPSpam API key.
  4. Enable vulnerability scanning (disabled by default).
  5. Run your first manual scan.

Already an OOPSpam customer? You're all set.

If you're already using the OOPSpam Anti-Spam plugin, OOPVulns shares your existing API key automatically — no new account, no extra cost, no separate subscription.
  • One API key covers both spam protection and vulnerability scanning
  • OOPVulns is free for existing OOPSpam customers
  • No need to install or pay for a separate security scanner
  • Streamline your WordPress stack with fewer plugins

Built to stay lightweight

Scans run via WordPress cron and results are cached, so frontend performance is not affected.

Frequently Asked Questions (FAQ)

Do I need an API key?

Yes. An API key is required to check for vulnerabilities. If you use OOPSpam Anti-Spam, the API key can be shared automatically.

How are API calls counted?

Each plugin check and each theme check counts as one API call. WordPress core adds one additional call.

How often does the plugin scan?

Scanning is disabled by default. Once enabled, scans can run daily or weekly, and manual scans are available anytime.

What data is sent to the external API?

Only WordPress core version, plugin slugs/versions, and theme slugs/versions are sent. No personal data or site content is transmitted.

Does this plugin slow down my site?

No. Scans run in the background using WordPress cron and results are cached.

Start monitoring vulnerabilities in your WordPress site today.

Install OOPVulns →

Contact us

Need to know more? Don't hesitate to contact us.

© 2017 - 2026 OOPSpam LLC

x logo github logo wordpress logo