Patchstack - WordPress & Plugins Security

A worrisome website hacking statistic is that well over 90% of WordPress vulnerabilities are related to plugins or themes. One report found that as much as 98% of WordPress vulnerabilities are due to plugins while another study reported that 95% of vulnerabilities were because of plugins and themes. To be secure, you should always keep WordPress plugins, themes, and core updated and monitored. Ensure you are always aware of the plugins you’re using on your websites and always remove the ones you are not using. When it comes to WordPress security plugins, we first recommend you get a better understanding of the WordPress security ecosystem and how they work. Find one that can offer vPatching (check out Patchstack's features).

Patchstack Community (free) version will let you know if you have any vulnerabilities present in the plugins, themes, or WordPress core version that are installed on your site. By staying informed and receiving alerts about vulnerabilities, you can reduce the resources spent on fixing WordPress security issues, avoiding expensive clean-ups in the long run.

With Patchstack you will be able to **eliminate security issues before hackers take over your website. You can detect the latest security vulnerabilities in WordPress plugins, themes, and core. You will receive real-time alerts to email or Slack if any security vulnerabilities are found and have a central security overview for up to 10 websites in the Patchstack App. Optionally you can also enable vPatch protection against vulnerabilities for $5/month for individual sites. You can also increase your free plan site limit to 50 sites with a volume-upgrade add-on.

With Patchstack Developer version you can identify plugin vulnerabilities, receive automatic vPatches to these vulnerabilities, and get detailed reports on your security status. You also get access to additional hardening options, like advanced custom rules and the Community IP blocklist.

• Plugin vulnerability detection (also included in free)
• Theme vulnerability detection (also included in free)
• WordPress core vulnerability detection (also included in free)
• vPatches for WordPress plugins
• vPatches for WordPress themes
• 0-day protection (OWASP top 10)
• Unlimited custom firewall rules
• Logs and analytics
• Unlimited custom alert triggers
• Weekly / monthly PDF reports
• Alerts to Slack
• Alerts to email (also included in free)

We do not perform any external checks on your website. We do however match the plugins, themes, and WordPress core you have installed on your website with our vulnerability database to determine if there is a known vulnerability.

With the Patchstack Community (free) version, you can set up alerts using email (Slack notifications are available in the Developer plan).

We have not had issues with Patchstack conflicting with other security services, but we do recommend using as few different tools on your WordPress site as possible. Avoid enabling similar features if using another security plugin to prevent potential site-breaking issues. If you have any issues with other security tools, please contact our support so we could investigate the issue.

We do not store any logs in your database or your filesystem on the Community (free) version of Patchstack.

Patchstack free version does not include a firewall, the free version is there to let you know if you have any vulnerabilities present on your website.

The free version of Patchstack does not run anything aside from scheduled tasks on your website, so there will be no noticeable difference. The paid version does run several tasks on each page load but based on tests from us and from our customers we have seen that Patchstack does not affect your website's performance in any significant or noticeable way.

Once you install the plugin on a multisite installation, you will see a page where you can activate Patchstack on the sites that are available on the multisite installation. Each site will be added to the Patchstack app individually and will take up a slot on your account.

You can learn more about Patchstack at the Patchstack website and blog. See more here: https://patchstack.com/

Patchstack offers chat support at patchstack.com in addition to support articles available on the support page. To contact chat support, open patchstack.com and find the green chat bubble at the bottom right corner of your screen (note that some adblockers and privacy extensions can block this, so you might have to whitelist the Patchstack site).

Setting up Patchstack takes no more than a few minutes.

You can upgrade from free to a paid version on your dashboard at the Patchstack App. Just log in at app.patchstack.com/login or directly go to app.patchstack.com/setup to set up a plan.

No, support from the Patchstack team is free. However, for free version users, replies may take up to 1-2 business days. Patchstack paid version users will receive an answer from the support within 24 hours.

We take your privacy very seriously. After activating Patchstack, it will store some information such as the software installed on your site. Please see our Terms & Conditions, Privacy Policy, and DPA for more information.

Terms & Conditions: https://patchstack.com/terms-and-conditions/ Privacy Policy: https://patchstack.com/privacy-policy/ Data Processing Agreement (DPA): https://patchstack.com/data-processing-agreement-dpa/

You can join the Patchstack Facebook community here: https://www.facebook.com/groups/patchstackcommunity

See more about Patchstack security audits here: https://patchstack.com/auditing/. You can also submit your plugin or theme to the Patchstack mVDP (Managed Vulnerability Disclosure Program).

You can report any security bugs found in the source code of this plugin through the Patchstack Vulnerability Disclosure Program. The Patchstack team will assist you with verification and CVE assignment.