Links in vulnerability notices shouldn’t link to website

Thanks for building and maintaining such a great product. I have an issue with a recent change though.

In the past, email vulnerability notices contained a link for each vulnerability to a publicly accessible web page with info about the vulnerability (most importantly, whether there was a fix available).

With this recent change, email links now go to a page on WordPress admin for the affected site. This requires the administrator to log in to the site to determine if there’s even a fix available. Furthermore, if the site login URL has been changed (via this plugin), the link results in a “page not found” error. So, you have to navigate to your custom login URL, log in, then go back to the email and click the link again (or navigate in WP admin to the vulnerabilities page).

I realize this sounds like a minor complaint but I’m the point person for about 75 websites that my company maintains, so multiply this effort times a busy day dealing with all this and it adds up.

It would make me very happy if you could add a second link for each vulnerability (in the notification emails) to allow someone to quickly check the status of a fix without having to log into every affected site.



This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer