Support Home > Security > Jetpack Protect

Jetpack Protect

Stay ahead of security threats and malware, keeping your site safe with Jetpack Protect. Scan your site and get warned about vulnerabilities.

Protect your reputation and revenue by avoiding a hacked website.

Requirements for Jetpack Protect

  • A web host that meets the WordPress host requirements.
  • The latest version of WordPress. If your version of WordPress is out of date, you’ll see a prompt to automatically upgrade with a single click, or can upgrade manually.
  • A WordPress.com account. Don’t have one yet? Sign up for one here, or create one during the Jetpack connection flow. You only need one WordPress.com account to access all our services (including Akismet, Crowdsignal, Gravatar, and WordPress.com itself). If you use any of these services, you already have a WordPress.com account to connect to Jetpack. You can reset your WordPress.com password if you need to.
  • A publicly accessible WordPress site: no password protection or Coming Soon / Maintenance Mode plugin in use. Jetpack Protect will not work on a local environment.
  • A publicly accessible XML-RPC file.

Install Jetpack Protect

To install Jetpack Protect via the WP Admin:

  1. Start at your WP Admin dashboard.
  2. Go to Plugins → Add New.
  3. Search for Jetpack Protect. The latest version will show in the search results. The Jetpack Protect plugin has additional features and can be installed alongside the Jetpack plugin without any issues. Click Install Now.
Screenshot of the Jetpack Protect plugin from the WordPress plugin repo
  1. Click Activate.
  2. Choose a the Paid Plan for one-click threat fixes, automatic protection rules for the web application firewall, and other premium features. Or start for free.
  3. Your first scan will start.
  4. After a few minutes, your results will show on the Jetpack Protect page.
Screenshot of Protect results, indicating "No vulnerabilities found"

Check Protect results

Once you’ve activated the plugin and chosen your plan, your first malware scan will begin automatically.

The paid Scan plan sends you notifications any time there is a potential security warning. With the Free version, you will need to proactively check your Protect dashboard.

  1. Visit Jetpack → Protect in your WordPress admin panel to see the security threats and malware found by the integrated malware scanner.
  2. When the malware scanner finds a security threat, view the recommended actions on the Jetpack Protect dashboard to secure your sites.
  3. If you have upgraded to a paid Jetpack Scan plan, use the auto-fixer to resolve any threats. If you are on the Free plan, follow the recommendations given.

Note: Scans run roughly every 24 hours. It is not possible to set a time for the automated daily scans.

For even more tips on how to maintain good WordPress site security, read about How to Secure Your Site from Hackers.

Disable math captcha

To to turn off the math captcha option while still using Jetpack, add a filter to your site’s functions.php file or a custom functionality plugin. Here’s how you can disable the math fallback captcha:

add_filter( 'jpp_use_captcha_when_blocked', '__return_false' );

By adding this code, you’ll turn off the math captcha, but Jetpack Protect’s primary security functions will continue to work as normal.

Please be aware that code snippets are provided as a courtesy and our support team is unable to offer assistance customizing them further.

Jetpack Protect, Jetpack Scan, and WPScan: Understand the difference

Jetpack offers a variety of tools designed to enhance the security of your WordPress site by detecting and reporting on vulnerabilities. Each tool serves a unique function in protecting your digital presence.

Jetpack Protect

Jetpack Protect is a free plugin that checks your site daily for vulnerable plugins and themes. If vulnerable software is found, it will alert you via your WordPress Dashboard. Additionally, Jetpack Protect provides a basic web application firewall (WAF). 

You can run Jetpack Protect on its own or alongside the Jetpack plugin.

Jetpack Scan

Jetpack Scan is a paid upgrade that can be added to the Jetpack Protect plugin or to the Jetpack plugin. In addition to the features provided by Jetpack Protect, it provides real-time malware scanning and an enhanced web application firewall (WAF) while also enabling auto-fixes (where available) for security threats.

Jetpack Scan makes it easy to monitor your site’s security by providing automated email notifications of security threats.

WPScan

Jetpack Protect and Scan are powered by the same data that is available in Automattic’s enterprise-level WPScan.

Still need help?

Please contact support directly. We’re happy to advise.

Privacy Information

Jetpack Protect is deactivated by default. It can be activated at any time by installing the plugin and activating it. For general features and FAQs, please see our Jetpack Security features.

Data Used
Site Owners / Users

We use the data synced for authentication of some APIs, to check themes, plugins, and WordPress version against the WPScan API in the free version of the plugin.		Site Visitors

None.
Activity Tracked
Site Owners / Users

We track pageviews and clicks on pricing pages, clicks on upgrade prompts, and interactions with the application (example: what kinds of threats are clicked on). 		Site Visitors

None.
Data Synced (Read More)
Site Owners / Users

We sync data related to installed plugins and themes, and WordPress version.		Site Visitors

None.

  • Table Of Contents

  • Contact Us

    Need more help? Feel free to contact us.