Paid security auditing for WordPress plugin and theme developers
Identify and fix possible security issues
Identify vulnerabilities in your app’s security infrastructure that could potentially be exploited by attackers.
Earn and retain community reputation
Demonstrating commitment to ensuring the security your users and data will help build trust and within your users.
Do your part in making the web secure
Service fees are funneled to our community via the Alliance bounty platform and directly contribute to making all open-source safer.
1
Submit your project details for a price quote
2
Full project code-review by our security team
3
Receive a detailed report with recommended fixes
4
Patch validation to confirm sufficient fixes
Yes, we require access to the source code as our audits are not black box based. Having access to the source code allows us to find deeper and more complex vulnerabilities. The source code can be provided to us through email, through an invitation to your repository, a secure transfer link or your own preferred method of transferring files.
It is possible that we are not able to find any vulnerabilities if the source code follows all the code conventions and standards. Keep in mind that the audit is manual labor and is based on a certain amount of hours spent, not based on the number of vulnerabilities we may or may not find.
Although we do not fix vulnerabilities for you, we do provide information on how to patch the vulnerabilities that we have identified and will also assist with the patching process if needed.
As each software is vastly different when it comes to the structure, code complexity, lines of code and number of files, each audit will have a different cost attached to it. Reach out to us for an estimate for an audit of your software.
Request a paid security audit quote
Patchstack is the official security point of contact for 560+ plugins
