Vulnz Agent.
Super-lightweight Vulnz plugin for WordPress.
Built for Performance
Vulnz Agent (vulnz-agent) is the lightweight companion plugin for Vulnz. It acts as the secure bridge between your WordPress site and your Vulnz dashboard.
- Zero Bloat: No dashboard widgets, no upsell banners, and no persistent background processes.
- Read-Only: It takes a snapshot of your installed plugins and themes to check for vulnerabilities, but it never modifies your site data.
- Open Source: Fully transparent and GPLv2 licensed. You can audit every line of code.
# Extract the plugin $ unzip -q vulnz-agent-2.1.1.zip # Get plugin's extracted size (it's tiny) $ du -sh vulnz-agent/ 84K vulnz-agent/
Installation Options
Standard Installation
For individual sites, install it just like any other plugin.
- Download the .zip file.
- Go to Plugins → Add New → Upload Plugin.
- Activate and navigate to Settings → Vulnz Agent.
- Enter your API Key (found in your Dashboard).
Agency (mu-plugin)
Extract the plugin into /wp-content/mu-plugins/, then create a loader file wp-content/mu-plugins/vulnz-agent/php.
<?php /** * Plugin Name: Vulnz Agent (MU) * Description: Must-use plugin loader for Vulnz Agent */ require_once WPMU_PLUGIN_DIR . '/vulnz-agent/vulnz-agent.php';
Add your Vulnz API credentials to wp-config.php.
define('VULNZ_AGENT_API_URL', 'https://api.vulnz.net');
define('VULNZ_AGENT_API_KEY', 'your-site-key');
define('VULNZ_AGENT_ENABLED', true);Radical Transparency
We believe you should know exactly what data leaves your server.
The Agent sends only the following technical telemetry to vulnz.net:
✅ WordPress Core Version
✅ PHP Version
✅ Active Plugin List (Slugs & Versions)
✅ Active Theme List
❌ NO User Data or personally identifiable information
❌ NO Database Content
❌ NO Passwords or Keys
Technical Requirements
Any recent version of WordPress & PHP should work fine. These are what recommend, going in to 2026:
- WordPress: 6.0 or higher
- PHP: 8.0+ (Optimised for PHP 8.3+)
