How We Manage Security Alerts and Plugin Updates

At BionicWP, we prioritize the stability and security of your WordPress sites through a combination of industry-leading tools and automated intelligence. This guide explains how we handle security notifications (like those in Jetpack) and our process for keeping your site updated.


The Role of Jetpack Security

We install Jetpack on all managed sites to provide robust backups and real-time security scanning.

  • Enterprise Management: We use an Enterprise License that centralizes all site data within our secure portal.

  • Access & Reports: Because the license is managed at the agency level, individual client access to the Jetpack dashboard is not available. However, our team can provide a detailed security report for any of your sites upon request.

  • Critical Threat Alerts: If Jetpack flags a "Critical Threat," it serves as a notification that a specific file, theme, or plugin on your site has a known vulnerability.


Our Automated Update System (VRT)

We don't just update WordPress core; our system is designed to update all plugins and themes installed on your site. To ensure these updates don't break your site, we use AI-based Visual Regression Testing (VRT).

  1. Detection: Our system identifies when a new version of a plugin or theme is released by the author.

  2. Staging & Comparison: The AI takes a "snapshot" of your site, applies the update in a staging environment, and compares it to the original.

  3. Deployment: If no visual discrepancies are found, the update is deployed to your live site automatically.


Why a Threat Notification Might Persist

If you see a security alert that has been active for a long time, it is typically due to one of the following reasons:

  1. No Author Update: Our system can only update a plugin if the developer has released a fix. If the author has not patched the vulnerability, the alert will remain until a safe version is available.

  2. Expired or Missing Licenses: We do not manage individual third-party license keys. If a plugin license is expired, revoked, or was never added, the site cannot "see" or download the latest updates from the developer.

  3. Administrative Approval: To maintain the integrity of your site, we will not deactivate a plugin or change site configurations to clear an alert without your explicit approval.


Summary of Responsibilities

Regarding the maintenance of your website, BionicWP is responsible for performing automated AI-based updates for all available plugin and theme versions. We also provide continuous security monitoring through Jetpack scanning and can generate detailed threat reports upon your request.

While our system is designed to apply security patches as soon as they are released by developers, the site administrator is responsible for ensuring that all third-party license keys remain active and valid. It is also the administrator's duty to review vulnerability reports and decide on appropriate plugin replacements if a developer has not released a fix, as well as to renew any premium subscriptions to maintain consistent update access.


Pro Tip: If you receive a persistent threat notification, please check the Licenses tab in your WordPress dashboard to ensure your premium plugins are authorized to receive updates.