Jetpack Protect is a free security plugin for WordPress that scans your site and warns you about vulnerabilities, keeping your site one step ahead of security threats and malware.
What do I need to run Jetpack Protect on my site?
- A web host that meets the WordPress host requirements.
- The latest version of WordPress. If your version of WordPress is out of date, you’ll see a prompt to automatically upgrade with a single click, or can upgrade manually.
- A WordPress.com account. Don’t have one yet? Sign up for one here, or create one during the Jetpack connection flow. You only need one WordPress.com account to access all our services (including Akismet, Crowdsignal, Gravatar, and WordPress.com itself). If you use any of these services, you already have a WordPress.com account to connect to Jetpack. You can reset your WordPress.com password if you need to.
- A publicly accessible WordPress site: no password protection or Coming Soon / Maintenance Mode plugin in use.
- A publicly accessible XML-RPC file.
Installing Jetpack Protect
Installing Jetpack Protect can be done from your site’s WP Admin. To install Jetpack Protect via the WP Admin:
- Go to Plugins → Add New.
- Search for Jetpack Protect. The latest version will show in the search results. Click Install Now.
- Click Activate.
- After activating, you will be prompted to run Jetpack Protect.
- After some minutes, your results will show on the Jetpack Protect page.
Starting Your First Scan
Once you’ve installed the plugin, your first malware scan will begin automatically.
You can visit the Jetpack Protect dashboard in your WordPress admin panel to see the security threats and malware found by the integrated malware scanner.
When the malware scanner finds a security threat, you can view the recommended actions on the Jetpack Protect dashboard to secure your sites.
Note: It is not possible to set a time for the automated daily scans. They will run roughly every 24 hours.
FAQ
Is Jetpack Protect the same thing as the Protect feature in the Jetpack plugin?
The new Jetpack Protect plugin is different from the Jetpack feature formerly known as Protect (now renamed Brute Force Attack Protection).
The features of the new Jetpack Protect plugin are not included in the Jetpack plugin, and both plugins can be installed together without any issues.
Can I set the time of the daily security scan?
It is not possible to set a time for the automated daily scans run by the integrated malware scanner.
Will Jetpack Protect work on my local site?
Jetpack Protect requires a publicly accessible site to perform the vulnerability scan.
What are the differences between Jetpack Protect, Jetpack Scan, and WPScan plugins?
Jetpack Protect and Scan do not have any limit on the number of plugins and themes you can scan. WPScan has a daily cap based on your API usage.
For now, in Jetpack Protect, you can track your scan results only through the plugin’s dashboard. Jetpack Scan and WPScan have additional notifications such as email.
Jetpack Protect runs daily automated scans. Jetpack Scan and WPScan provide on-demand scan options on top of automatic scans.
Jetpack Scan has one-click fixers for most vulnerabilities. Protect does not have any fixers at this time, but it provides “how-to-fix” guides so that you can fix vulnerabilities manually.
Jetpack Protect and WPScans are standalone plugins that don’t need additional plugins to run, while Jetpack Scan needs the Jetpack plugin to work.
Jetpack Protect is a free plugin, and WPScan has free and paid options. On the other hand, Jetpack Scan is a paid plugin that you can purchase with a 14-day money-back guarantee. As with other paid Jetpack plugins, Scan users also have access to our priority support.
How will I know if Jetpack Protect has found WordPress security vulnerabilities and malware?
You can visit Jetpack Protect dashboard in your WordPress admin panel to see the security threats and malware found by the integrated malware scanner.
What do I do if Jetpack Protect finds a security threat?
When the malware scanner finds a security threat, you can view the recommended actions on the Jetpack Protect dashboard to secure your sites.
Why do I need WordPress security and malware scan?
A hacked WordPress site can cause serious damage to your business revenue and reputation. Jetpack Protect scans your site and lets you know possible malware and security threats on your installed plugins, themes, and core files.
Where can I learn more about WordPress security and malware threats?
To learn how to achieve better WordPress security, see this guide. On the Jetpack Blog, you can find many more articles written by the top WordPress security experts.
Still need help?
Please contact support directly. We’re happy to advise.
Privacy Information
This feature is deactivated by default. It can be activated at any time by installing the plugin and activating it. For general features and FAQs, please see our Jetpack Security features.
| Data Used | |
|---|---|
| Site Owners / Users We use the data synced for authentication of some APIs, to check themes, plugins, and WordPress version against the WPScan API in the free version of the plugin. | Site Visitors None. |
| Activity Tracked | |
| Site Owners / Users We track pageviews and clicks on pricing pages, clicks on upgrade prompts, and interactions with the application (example: what kinds of threats are clicked on). | Site Visitors None. |
| Data Synced (Read More) | |
| Site Owners / Users We sync data related to installed plugins and themes, and WordPress version. | Site Visitors None. |
Jetpack 