Save time and resources with WordPress security automation

Annual (save 10%)
Monthly

Community

Free
No base price, no credit card required
Start for free
Detect vulnerabilities for free and turn on protection for individual apps.
Apps included
10
Seats included
1
Vulnerability detection
Real-time protection
Software management
Add-ons

Developer

NEW
recommended
$89
Per month, billed once a year
Start 14-days trial
Customize and automate security in care plans and web applications.
Apps included
50
Seats included
1
Vulnerability detection
Real-time protection
Software management
Add-ons

Business

$459
Per month, billed once a year
Start 14-days trial
For agencies looking to upkeep a larger volume of web apps.
Apps included
500
Seats included
5
Vulnerability detection
Real-time protection
Software management
Add-ons

Community

Free
No base price, no credit card required
Start for free
Detect vulnerabilities for free and turn on protection for individual apps.
Apps included
10
Seats included
1
Vulnerability detection
Real-time protection
Software management
Add-ons

Developer

NEW
recommended
$99
Per month
Start 14-days trial
Customize and automate security in care plans and web applications.
Apps included
50
Seats included
1
Vulnerability detection
Real-time protection
Software management
Add-ons

Business

$499
Per month
Start 14-days trial
For agencies looking to upkeep a larger volume of web apps.
Apps included
500
Seats included
5
Vulnerability detection
Real-time protection
Software management
Add-ons
VAT is calculated upon checkout
30-day money back guarantee
SSL 256-bit secure payment

Full list of features

Plan
Community
Developer
new
Business
Web apps included
Up to 10
Up to 50
Up to 500
Seats included
1
1
5
Vulnerability management
Automatic vulnerability detection
Vulnerability 48h early warning
Remote software management
Auto-update vulnerable software
Custom alerts
Real-time protection layer
$9 app / mo
new
Included
Included
Automatic virtual patching
Generic OWASP protection module
Unlimited custom protection rules
Security reports
new
Snapshot reports
Real-time overview
Developer reports
Periodic overview
Protection activity
Report scheduling
Report white-labeling
Data retention
6 mo
12 mo
24 mo
Add-ons
Vulnerability API (500 calls / day)
From $149
From $149
From $149
Incident response
$9 / app
$9 / app
Volume upgrade
new
$99 / 50 apps
$149 / 50 apps
Additonal seat
$24 / seat
$24 / seat
Support
Priority support
Assisted setup

Add-ons

recommended
Incident response
$9 per app / mo
No web app is ever 100% safe. Suspect your web app has security issues? Our experts will jump to rescue.
Vulnerability API
Read more
For developers and agencies who use CLI tooling to manage their WordPress websites.
Additional seats
$24 per seat / mo
Add team members to your account and assign roles.
new
Volume upgrade
+50 apps
Increase the maximum amount of supported web applications. $99 for Developer and $149 for Business accounts.

Frequently asked questions

Malware is most commonly injected by exploiting security vulnerabilities. Patchstack detects those vulnerabilities and automatically applies virtual patches that provide highly targeted, lightweight and effective way to hold off attacks to prevent any malware to get inside.

Malware scanners in the other hand scan for already injected malware which means the web application has already been compromised and infected which also requires a thorough clean-up. While having regular malware scans is important to cover your back, it’s always better to prevent malware infections in the first place.

WAF stands for Web Application Firewall, which is a firewall that inspects web traffic and blocks malicious requests. WAFs typically run on the web server software itself, and have limited knowledge of the web applications they are protecting. WAFs tend to include and run all firewall rules against all requests, even if it does not apply to the underlying software.
Virtual Patching, works a lot like a WAF: blocking known malicious requests but runs within the application itself. Virtual Patching goes a step further, and can take into context information that only the application (such as WordPress) itself is aware of, like user authorization, software versions, etc… Virtual patches tend to be more efficient, and cause less resource usage in the application compared to a WAF because the only rules that are enabled are the ones applicable for each website.

We encourage pairing Patchstack with other security tools, such as WPVivid or UpdraftPlus for backups and WPUmbrella or ManageWP for uptime monitoring. You may also check with your hosting service provides whether they offer pluginless server-side backups.

Attackers automatically target all websites to build large bot nets to perform more complex attacks against lucrative targets. Even a basic website gives attackers one more node for future attacks. We believe better web security is a community effort.

Since Patchstack does not scan your files, it won’t help you in finding malware on your website. If you have any indication that your website is already hacked, please contact our support, so we can take a look and see how or what caused any of the problems you are facing. Our users can enable the Incident response add-on for $9/mo or request a clean-up for a one-time fee of $199. Clean-ups are done manually.

The free version of Patchstack does not run anything aside from scheduled tasks on your website, so there will be no noticeable difference. The paid version does run several tasks on each page load but based on tests from us and from our customers we have seen that Patchstack does not affect your website’s performance in any significant or noticeable way. In fact, a test done by one of our users indicated that Patchstack is up to 10x lighter than competing security services.

We have not had issues with Patchstack conflicting with other security services, but we do recommend using as few different tools on your WordPress site as possible. If you do use another security plugin, it is recommended to not enable similar features as it could cause site-breaking issues. If you have any issues with other security tools, please contact our support so we could investigate the issue.

Setting up Patchstack takes no more than a few minutes depending on if you are using auto-install through the Patchstack App (which takes seconds) or a manual installation (which can take up to 3 minutes). Note that in some cases auto-install may not be possible. The data might need some time to show up after a successful installation.

If you have questions, don't hesitate to reach out to Sander via the Intercom chat.

So how to get started?

1
Create an account, set up billing and 2FA (optional)
2
Add the web app(s) to our Dashbaord
3
Connect your web app by (auto-)installing the plugin
4
Customize your experience with rules, alerts and reports

Set up in 5 minutes and join 30,000 developers today!

Patchstack works with all popular web hosts
Patchstack works with all popular web hosts, including
Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.
crossmenu