In the run-up to WCUS, I missed out on mentioning Patchstack has partnered with Hostinger to offer their customers a proactive security monitoring and update tool.
Hostinger CMO Daugirdas Jankas explains how that tool works, thanks to Patchstack’s vulnerability database. The database is constantly updated by a community of security researchers formerly called the Patchstack Alliance. (Formerly known as the “Red Team.”) The Alliance’s goal is “to find new vulnerabilities in popular plugins and themes before hackers can abuse them.”
There’s also the Patchstack Bug Bounty program providing incentives.
Jankas says “the Patchstack vulnerability database[is] the most frequently updated source of WordPress security vulnerabilities and allows it to be the first to provide protection.”
Most important to the host and end-user:
Once your website is connected to Patchstack and a vulnerable plugin is found on your WordPress site, a virtual patch is applied instantly to the website.
You can think of the virtual patch as a very specific firewall rule that blocks any third parties who might try to abuse the vulnerable functionality on the website.
The point of a virtual patch is to provide security when a security update has not yet been released for a newly vulnerable plugin.