Question
Why doesn't the WP-Toolkit Vulnerabilities email show any domain names?
Answer
The WP-Toolkit vulnerability notification email template is compiled into the extension's source code and cannot be modified through the Notifications section in Plesk.
In earlier versions, the email listed each vulnerability alongside the specific site it affected. The current behavior has changed: the notification now reports vulnerable components in general terms rather than tying them to a particular subscription or domain. This is intentional. A single vulnerable plugin or theme can be installed across multiple sites, so associating it with one domain would be misleading or incomplete.
To identify the exact site, click the "On a site" link within the email. This opens the WP-Toolkit security card filtered to the specific WordPress installation, so there is no ambiguity about which site is affected.
Comments
What's missing in this question is why did you change it two weeks ago? The old way with the site name was much more useful.
I want to go directly to the website, not first to Plesk to find out which site it is. Really weird that you added an extra step to this?
Legit Agency Please submit your feature ideas/suggestions here so they can be considered.
Jose Flores Thanks I'll check it out, but if it's not intended to comment on this it would be better to remove that button and just have a link directly.
Thanks to share your link it would be better to remove that button and just have a link directly.
Please sign in to leave a comment.