Introducing the Patchstack feature to auto-update vulnerable plugins on the Software page on Patchstack App.
Patchstack is helping web developers and digital agencies protect their whole client portfolio. Our focus on component security is helping agencies and developers feel more confident in offering care plans and keeping all their sites protected.
The auto-update feature available in the Patchstack App helps you to set up automatic updates. If there is a vulnerability in any of the software components (plugins, CMS, themes) you use on your sites, you will receive an update.
This will help you to reduce site management time drastically. It gives you peace of mind, that Patchstack protects your sites and auto-updates vulnerable plugins whenever there’s a possible threat.
What are the biggest challenges for freelancers and digital agencies in 2020? Read the Website Security Survey Report 2020 to find out.
What is a software component?
A software component is a piece of code that makes up your website.
Let’s take a WordPress site as an example. WordPress sites are built or put together using different software. Software is for example the CMS (WordPress core), the plugins or themes you use.
Most of the time, such software is built by someone else and therefore you rely on their experience, coding skills, and trust that what they have built is safe and secure.
A worrisome fact is that third-party software, such as plugins and themes account for 98% of the security issues in the WordPress ecosystem.
This is why we are focusing a lot of work on fighting the software security problem and helping you to protect your sites with the help of the Patchstack App, Patchstack Alliance, and Patchstack database.
How does the software page help?
The software page allows you to see a quick overview of all outdated and vulnerable plugins and themes on all your sites. It will give you a full overview of all the software you have installed on your site.
This page will tell you how many different software you have installed on your sites, which sites are outdated, and which are vulnerable. You will also see how many of the installed plugins or themes are outdated or vulnerable.
Some of the features include the ability to update:
- Everything on all sites
- Specific sites
- Specific software on all sites
- Only vulnerable or outdated components
The auto-update feature in the Patchstack App also makes it possible for all new updates to be installed on your sites right away without requiring any interaction.
There is also an option to only execute auto-update against plugins that have vulnerabilities.
How to use the software management feature?
Once you are logged into the app you see a new menu item called “Software”. You can see it in the menu on the left side. The software page contains several tabs which are described below. Clicking this will default to the overview tab on this page.
Overview
This will show an overview of your WordPress sites and their software statuses. You can see the WordPress version, Patchstack version, number of software, how many are outdated, and how many are vulnerable on each site individually.
There will be buttons at multiple places that you can click to execute specific update actions as described above.
Logs
We log all failed and successful update actions for your own records and to determine why an update failed. In case an update failed, this will also show a more detailed error as to why it failed to execute the update.
Note that this will only display updates executed on the software page and not updates that were executed by any other means.
How to auto-update vulnerable plugins?
To perform WordPress auto-update only on vulnerable plugins or the software installed on your websites you need to navigate to the Auto-Update Settings page. This allows you to see the current auto-update settings of your WordPress sites with the ability to update them on all sites individually or globally.
The auto-update feature is executed on the site itself. It means that the current status is retrieved from your sites one at a time. We don’t store the auto-update date settings on our side.
The auto-update status can hold 3 different statuses: disabled, enabled and unknown.
If a site has its status set to unknown, it means that we could not retrieve the settings from the site due to not being able to reach the site, timing out or the site returning an invalid response that we could not parse.
What is a software?
A software is a piece of code that makes up your website.
Let’s take a WordPress site for an example. WordPress sites are built or put together using different software. Software is for example the CMS (WordPress core), the plugins or themes you use.
How to protect sites from plugin vulnerabilities?
We are focusing a lot of work on fighting the plugin security problem and helping you to protect your sites with the help of the Patchstack Alliance and Patchstack App.
In order to protect your sites from plugin vulnerabilities, you need to monitor updates and vulnerabilities. We send daily automatic updates (vPatches) to Patchstack to make sure the sites are protected.
How to enable auto-updates on WordPress websites?
Patchstack allows you to auto-update all your WordPress sites from one dashboard. You have the ability to update all sites individually or globally. You can also choose to update only vulnerable sites.
Can I auto-update vulnerable plugins only?
Yes, with Patchstack you have the possibility to update vulnerable plugins automatically.