The Jetpack Protect plugin is a free security plugin for WordPress that scans your site and warns you about vulnerabilities, keeping your site one step ahead of security threats and malware.
What do I need to run Jetpack Protect on my site?
- A web host that meets the WordPress host requirements.
- The latest version of WordPress. If your version of WordPress is out of date, you’ll see a prompt to automatically upgrade with a single click, or can upgrade manually.
- A WordPress.com account. Don’t have one yet? Sign up for one here, or create one during the Jetpack connection flow. You only need one WordPress.com account to access all our services (including Akismet, Crowdsignal, Gravatar, and WordPress.com itself). If you use any of these services, you already have a WordPress.com account to connect to Jetpack. You can reset your WordPress.com password if you need to.
- A publicly accessible WordPress site: no password protection or Coming Soon / Maintenance Mode plugin in use.
- A publicly accessible XML-RPC file.
Installing Jetpack Protect
Installing Jetpack Protect can be done from your site’s WP Admin. To install Jetpack Protect via the WP Admin:
- Go to Plugins → Add New.
- Search for Jetpack Protect. The latest version will show in the search results.
- Click Install Now.
- Click Activate.
- After activating, you will be prompted to select one of two plans:
- Free: This plan includes checking items against the WPScan database and daily automated scans for threats and vulnerabilities.
- Jetpack Protect: This plan is a Jetpack Scan plan. With this plan, you will get the same features as the Free plan, plus several premium features.
- Once you’ve selected a plan and completed the purchase process (if necessary), Jetpack Protect will begin its first scan.
- Once the scan is complete, your results will show in the WP Admin by going to Jetpack → Protect.
Scanning Your Site
Once you’ve installed the plugin, your first malware scan will begin automatically. After the first scan, they will run about every 24 hours. It is not possible to set a time for automated daily scans.
If you have a paid Jetpack plan that includes Jetpack Scan, you will have the ability to start a scan on demand through the plugin. You can do this by going to your WP Admin and then Jetpack → Protect. From there, click Scan now.
Viewing and Fixing Security Threats
You can visit the Jetpack Protect dashboard in your WordPress admin panel to see the security threats and malware found by the integrated malware scanner. When the malware scanner finds a security threat, you can view the recommended actions on the Jetpack Protect dashboard to secure your sites.
You can view security threats and malware found by Jetpack Protect by going to your WP Admin and then Jetpack → Protect. From there, you can see a list of threats found, and how to fix them.
Still need help?
Please contact support directly. We’re happy to lend a hand and answer any other questions that you may have.
This feature is deactivated by default. It can be activated at any time by installing the Jetpack Protect plugin.
|Site Owners/Users and Visitors|
This feature evaluates the incoming HTTP requests and blocks them if they’re considered malicious.
|Site Owners/Users and Visitors|
If the Share data with Jetpack checkbox is selected we track which rules caused a request to be blocked. We don’t track actual request data with this option.
|Data Synced (Read More)|
|Users:Used in the authentication process for some of our APIs.|
Themes:Used to get the themes list that we should check against the WPScan API in the free version.
Plugins:Used to get the plugins list that we should check against the WPScan API in the free version.
WordPress version:Used to know which version we should check against the WPScan API in the free version.