Patchstack – WordPress & Plugins Security

Description

Patchstack is a powerful tool that helps to identify security vulnerabilities within all your websites plugins, themes, and core.
Patchstack is powered by the most active community of ethical hackers in the WordPress ecosystem.
Patchstack is trusted by the leading WordPress experts such as: Pagely, Cloudways, GridPane, Plesk and others!

Why do I need Patchstack Community (Free) version?

  • Be the first to know about new vulnerabilities!
  • You will save time by monitoring all your websites from a single dashboard.
  • You will be notified if any of the installed plugins or themes have security issues.
  • You will get simple actionable suggestions to secure your websites.
  • You will spend less resources fixing WordPress security issues (avoid expensive clean-ups).
  • You can worry less about your website’s security and focus on your work.

What does Patchstack Community (Free) version include?

Detect security issues before hackers take over your website:

  • Detect the latest security vulnerabilities in WordPress plugins.
  • Detect the latest security vulnerabilities in WordPress themes.
  • Detect the latest security vulnerabilities in WordPress core.
  • Receive real-time alerts to email if any security vulnerabilities are found.
  • Have a central security dashboard for up to 99 websites (via the Patchstack app).

Important Resources

See what our customers say about our Professional plan:

  • “Patchstack is awesome. All of my sites are protected by Patchstack and none have ever been hacked. High recommended.” – Jose Gil (August 2021)
  • “The only WAF I trust. They are way ahead of the curve providing firewall security for WordPress websites.” – Mark Werle (August 2021)
  • “Love the product! Best decision I made regarding security on my websites!” – Ben Poston (August 2021)
  • “The service here is superb! And they always are right on it with the best solution to solve the problem or question at hand. The tool itself is, well, it speaks for itself. I am very satisfied with this project and the service they offer.” – Daniel Canup (March 2021)

(*Comparison are done by comparing paid versions)

Sucuri vs. Patchstack https://patchstack.com/sucuri-alternative/
Wordfence vs. Patchstack https://patchstack.com/wordfence-alternative/
Malcare vs. Patchstack https://patchstack.com/malcare-alternative/
Sitelock vs. Patchstack https://patchstack.com/sitelock-alternative/

Screenshots

  • Patchstack App Dashboard
  • Patchstack App Alerts Overview
  • Patchstack App Site Hardening
  • Patchstack App Firewall Overview
  • Patchstack App Components Overview

Installation

Simply install the Patchstack plugin by searching for “Patchstack” on the plugin management page of WordPress or install the plugin manually by following the steps:

  1. Download the plugin from the WordPress.org Patchstack plugin download page.
  2. Unzip the .zip file.
  3. Upload the entire patchstack directory to the /wp-content/plugins/ directory.
  4. Activate Patchstack through the ‘Plugins’ menu in WordPress.

FAQ

What makes plugin vulnerabilities so dangerous?

A worrisome website hacking statistic is that well over 90% of WordPress vulnerabilities are related to plugins or themes. One report found that as much as 98% of WordPress vulnerabilities are due to plugins while another study reported that 95% of vulnerabilities were because of plugins and themes.
To be secure, you should always keep WordPress plugins, themes, and core updated and monitored. Make sure you are always aware of the plugins you’re using on your websites and always remove the ones that you are not using.
When it comes to WordPress security plugins, we first recommend you get a better understanding of the WordPress security ecosystem and how they work.
Find one that can offer virtual patching (check out the Patchstack pro version).

How does Patchstack Community (free) version protect sites from vulnerabilities?

Patchstack Community (free) version will let you know if you have any vulnerabilities present in the plugins, themes, or WordPress core version that are installed on your site.
By having the knowledge and always getting alerts about vulnerabilities you will spend fewer resources fixing WordPress security issues and can avoid expensive clean-ups in the long run.

What features does Patchstack Community (free) version include?

With Patchstack you will be able to **eliminate security issues before hackers take over your website. You can detect the latest security vulnerabilities in WordPress plugins, themes, and core. You will receive real-time alerts to email or slack if any security vulnerabilities are found and have a central security overview for up to 99 websites in the Patchstack app.

What features does Patchstack PRO (paid) version include?

With Patchstack PRO version you can identify plugin vulnerabilities, receiver automatic virtual patches to these vulnerabilities, and get detailed reports on your security status.

The features included are:

  • Plugin vulnerability detection (also included in free)
  • Theme vulnerability detection (also included in free)
  • WordPress core vulnerability detection (also included in free)
  • Virtual patches for WordPress plugins
  • Virtual patches for WordPress themes
  • Virtual patches for WordPress core
  • Insecure configuration detection
  • Domain name and SSL certificate expiration detection
  • HTTP security headers detection
  • 0-day protection (OWASP top 10)
  • Unlimited custom firewall rules
  • Logs and analytics
  • Unlimited custom alert triggers
  • Monthly PDF reports
  • Alerts to Slack
  • Alerts to email (also included in free)

What checks does Patchstack Community (free) version perform on your website?

We do not perform any external checks on your website. We do however match the plugins, themes, and WordPress core you have installed on your website with our vulnerability database to determine if there is a known vulnerability.

How will I be alerted if I have a vulnerability on my site?

With the Patchstack Community (free) version, you can set up alerts using email (Slack notifications available in Professional plan).

What is Patchstack incident response assistance?

We offer incident response assistance which will cover the sites on all occasions (even if the site was not directly attacked).
In the PRO version, we monitor the site we protect from a wide range of attacks, but if something happens, we will have our forensics team step in, collect the evidence, clean up the website and create a report to help you improve the security of your sites even more.
The add-on can possibly help you save tons of money when something happens and it only costs $3.49 per site/mo. Enable incident response assistance on your website here.

Does Patchstack conflict with any other security plugins?

We have not had issues with Patchstack conflicting with other security services, but we do recommend using as few different tools on your WordPress site as possible. If you do use another security plugin, it is recommended to not enable similar features as it could cause site-breaking issues. If you have any issues with other security tools, please contact our support so we could investigate the issue.

Are any logs stored in my database?

We do not store any logs of any kind in your database or on your filesystem on the Community (free) version of Patchstack.

Does the Community (free) version plugin include a firewall?

Patchstack free version does not include a firewall, the free version is there to let you know if you have any vulnerabilities present on your website.

Will Patchstack slow down my website?

The free version of Patchstack does not run anything aside from scheduled tasks on your website, so there will be no noticeable difference. The paid version does run several tasks on each page load but based on tests from us and from our customers we have seen that Patchstack does not affect your website’s performance in any significant or noticeable way.

What if my site has already been hacked?

Since Patchstack does not scan your files, it won’t help you in finding malware on your website. If you have any indication that your website is hacked, please contact our support so we can take a look and see how or what caused any of the problems you are facing.

Does Patchstack work on multisite?

Once you install the plugin on a multisite installation, you will see a page where you can activate Patchstack on the sites that are available on the multisite installation.
Each site will be added to the Patchstack app individually and will take up a slot on your account.

Where can I learn more about Patchstack?

You can learn more about Patchstack at the Patchstack website and blog.
See more here: https://patchstack.com/

What support options are available with Patchstack?

Patchstack offers chat and email support (support@patchstack.com) in addition to support articles available on the support page. To contact chat support, open docs.patchstack.com and find the green chat bubble at the bottom right corner of your screen (note that some adblockers and privacy extensions can block this, so you might have to whitelist the Patchstack site).

How long does the Patchstack setup take?

Setting up Patchstack takes no more than a few minutes depending on if you are using auto-install through the Patchstack App (which takes seconds) or a manual installation (which can take up to 3 minutes). The data might need some time to show up after a successful installation.

How do I upgrade from a Community (free) version to PRO version?

You can upgrade from free to a paid version on your dashboard at the Patchstack app. Just log in at app.patchstack.com/login or directly go to app.patchstack.com/setup to set up a plan.

Do I need to pay for support?

No, support from the Patchstack team is free, but for free version users it can take up to 3-4 business days for a reply. Patchstack paid version users will receive an answer from the support within 24 hours.

What information does Patchstack collect?

We take your privacy very seriously. After activating Patchstack, it will store some information such as the software installed on your site. Please see our Terms & Conditions, Privacy Policy, and DPA for more information. Please email support@patchstack.com if you have other questions about your privacy.

Where can I find Patchstack Terms & Conditions, Privacy Policy, and DPA?

Terms & Conditions: https://patchstack.com/terms-and-conditions/
Privacy Policy: https://patchstack.com/privacy-policy/
Data Processing Agreement (DPA): https://patchstack.com/data-processing-agreement-dpa/

How can I join the Patchstack Facebook community?

You can join the Patchstack Facebook community here: https://www.facebook.com/groups/patchstackcommunity

How can I join the Patchstack vulnerability newsletter?

Join Patchstack vulnerability newsletter here: https://mailchi.mp/patchstack/newsletter

I developed a WordPress plugin – how can I get it security audited by Patchstack?

See more about Patchstack security audits here: https://patchstack.com/solutions/#auditing

Reviews

فبراير 20, 2022
Patchstack is an amazing security plugin for WordPress. It's easy to install and update, and it has saved my site from being hacked plenty of times. I have been using it for over a year now and I am so glad that I found it! Every serious Wordpress user should be using Patchstack to secure their website.
نونبر 29, 2021
Why? Most wordpress security concerns are due to plugin vulnerabilities, even with the best security hygiene, if a plugin you have installed has a vulnerabilities, it can take less than a day for a breach to occur, sweaty hands just thinking about it right? These folks seem to go where the problem lies, further their platform looks really good and their support so far (I'm in the free version for now) has been attentive and proactive. Best of luck to the team!
مارس 5, 2022
Good for small business owners. Migrated from wordfence>Cleantalk security to Patchstack, after a long wait since we don't face any security issues till date and both our previous plugins were protecting well. But still you may need to upgrade with modern technique which makes your work easier. Patchstack giving me no worry sleep, since I don't have to bother about plugin vulnerabilities anymore, giving auto updates to core, plugins and themes, v3 reCAPTCHA, deactivated plugin customizer/editor from dashboard and much more. Even though the support is not quick and I have received any impressive help from the team, but still this took do its work well. No issues to upgrade the license and continue with patchstack security.
نونبر 8, 2021
We have been connected with PatchStack Team for Our WordPress Plugins/Themes Audits, Their knowledge and expertise is unbelievable. They have helped us make our products secure on top of that given lots of tips to make WordPress Sites Secure. After having an amazing experience with them as an audit partner, We come to know about this plugin for on-site security, We have started to use that in our sites and It's phenomenal too. I am not surprised to see such an extraordinary plugin for security, Because It's made by THE PATCHSTACK TEAM. Install it on your WordPress site and Go take a deep sleep. Patchstack team is there for your site. Big congratulations to the team on this amazing plugin and wish to use that all possible sites of ours and clients.
نونبر 4, 2021
3rd party Plugins being the top reason for Site hack, Patchstack comes to rescue with its automatic Virtual Patches. I am more confident about my sites security after using this. Thank You Patchstack Team.
نونبر 2, 2021
The best security option for WordPress, there are so many others but this really covers all the bases, and I love this new update that unifies all the setting away from my site back to the Patchstack site where I can login once and set everything and see an overview for all my sites. And the emails they send are super informative not only about security but overall WordPress maintenance, highly recommend
Read all 5 reviews

Contributors & Developers

“Patchstack – WordPress & Plugins Security” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

To view the changelog of the Patchstack plugin, please go to here.