Frequently Asked Questions

PluginShield is a subscription-based SaaS platform that helps organizations inventory, track, and report on WordPress plugins and themes across multiple sites and projects—focused on security posture, risk, and governance.

PluginShield is built for WordPress agencies, enterprises, and security/audit teams who need centralized visibility into plugin and theme risk across many sites and environments.

Traditional security plugins run inside a single WordPress site. PluginShield is an organization-level platform that helps you manage plugin and theme dependencies across many sites and projects—like “dependency security” for WordPress.

An Organization represents a customer account (a company or client). It contains projects, users, permissions, and billing.

Projects are logical groupings of sites (for example by client, brand, or environment). Projects are the primary boundary for reporting and risk visibility.

Yes. You can add team members to an organization and assign roles/permissions so the right people can view, manage, and export reports.

We track the plugin/theme name and slug, source (catalog vs custom), installed versions per project/site, latest available version, and supporting metadata for reporting and risk analysis.

Yes. Custom plugins are supported and treated as first-class dependencies. We assign unique internal slugs so custom plugins do not collide with official WordPress catalog slugs.

Yes. PluginShield is designed to surface version drift—where the same plugin is running different versions across projects/sites—so you can quickly spot inconsistent patch levels.

Vulnerability correlation is part of the platform’s security focus. As vulnerability data is wired in, PluginShield will map CVEs to affected plugin versions and highlight severity and fixed-in versions.

We focus on actionable signals: outdated plugins, known vulnerabilities, version drift, and organization-level exposure—so you can prioritize the highest-impact remediation first.

Alerting and notifications are part of the roadmap as PluginShield evolves from inventory to continuous monitoring and security alerting.

Yes. PluginShield supports exportable reports (PDF / Excel) designed to be audit-friendly and easy to share with clients and stakeholders.

Yes. PluginShield is designed to support audit-friendly history—what changed, when, and where—so you can provide evidence over time.

PluginShield is built to support common governance and audit workflows (e.g., SOC 2, ISO 27001) and can be adapted to internal compliance requirements through reporting and policy-driven visibility.

We offer a free tier for evaluation and small teams, with paid plans for advanced reporting, higher limits, and security features.

Yes. You can manage your subscription from your account portal. If you need help, contact support and we’ll get you sorted.

Use the Contact page. For security issues, include reproduction steps, timestamps, and any relevant project/site details.

Yes. If you’re managing many sites or preparing for an audit, we can help you structure organizations and projects correctly and get clean reporting fast.