Automatic vulnerability protection for WordPress

Annual (save 10%)
Monthly

Community

Free*
* Protection starts from $5 website / mo
Start for free
Best for individuals with few websites to cover the essential security requirements. Mitigate yourself or enable pay-per-website protection.
Websites
10
Seats included
1
Vulnerability detection
Real-time protection
Software management

Developer

NEW
recommended
$89
Per month, billed once a year
Start 14-days trial
Best for professionals who build websites that need tailored solutions and uncompromised security. Protection included.
Websites
50
Seats included
1
Vulnerability detection
Real-time protection
Software management

Business

$459
Per month, billed once a year
Start 14-days trial
Best for businesses who manage a volume of sites and want to deploy security at scale.
Websites
500
Seats included
5
Vulnerability detection
Real-time protection
Software management

Community

Free*
* Protection starts from $5 app / mo
Start for free
Best for individuals with few websites to cover the essential security requirements. Mitigate yourself or enable pay-per-website protection.
Websites
10
Seats included
1
Vulnerability detection
Real-time protection
Software management

Developer

NEW
recommended
$99
Per month
Start 14-days trial
Best for professionals who build websites that need tailored solutions and uncompromised security. Protection included.
Websites
50
Seats included
1
Vulnerability detection
Real-time protection
Software management

Business

$499
Per month
Start 14-days trial
Best for businesses who manage a volume of sites and want to deploy security at scale.
Websites
500
Seats included
5
Vulnerability detection
Real-time protection
Software management
VAT is calculated upon checkout
30-day money back guarantee
SSL 256-bit secure payment

Full list of features

Plan
Community
Developer
Business
Websites
Up to 10
Up to 50
Up to 500
Additional websites
$49 / +40 websites
$99 / +50 websites
$149 / +50 websites
Seats included
1
1
5
Additional seats
$24 / seat
$24 / seat
Vulnerability management
Automatic vulnerability detection
Vulnerability 48h early warning
Remote software management
Auto-update vulnerable software
Custom alerts
Real-time protection
🔥 $5 / website / mo
Included
Included
Automatic vPatching module
Community IP blocklist
new
Advanced hardening module
Generic OWASP module
Remote hardening settings
Custom protection rules
Security reports
Real-time Snapshot reports
Periodical Developer reports
Report scheduling
Report white-labeling
Data retention
6 mo
12 mo
24 mo
Support
Assisted setup
Priority support
“Amazing plugin, you really will not find a better offer on the web that also has reasonable pricing. Worth every penny. “
@rodbroc
“The service was so impressive that I created an account to leave this review! Thanks, Patchstack!“
@uwuzura
“I am very satisfied with this plugin which has already thwarted many attack attempts.”
@idefix99

Real-time protection modules

A module is a collection of firewall rules managed by Patchstack. Assign modules to your connected websites to protect them. Read more.
recommended
Patchstack vPatching
Virtual patching module
Automatic virtual patches for medium and high priority vulnerabilities to prevent exploits without even changing any code.
Advanced Hardening
WordPress module
Apply additional security mechanics to WordPress websites which block common malicious requests.
new
Community IP blocklist
IP module
Block access for IP addresses which are known to exploit vulnerabilities and contribute threat data back to other Patchstack users.
Generic OWASP module
OWASP module
Protection against OWASP top 10 vulnerability types including XSS, SQLi, RCE. May cause false-positives for complex websites.

Frequently asked questions

Malware is most commonly injected by exploiting security vulnerabilities. Patchstack detects those vulnerabilities and automatically applies vPatches that provide highly targeted, lightweight and effective way to hold off attacks to prevent any malware to get inside.

Malware scanners in the other hand scan for already injected malware which means the website has already been compromised and infected which also requires a thorough clean-up. While having regular malware scans is important to cover your back, it’s always better to prevent malware infections in the first place.

WAF stands for Web Application Firewall, which is a firewall that inspects web traffic and blocks malicious requests. WAFs typically run on the web server software itself, and have limited knowledge of the websites they are protecting. WAFs tend to include and run all firewall rules against all requests, even if it does not apply to the underlying software.
vPatching, works a lot like a WAF: blocking known malicious requests but runs within the website itself. vPatching goes a step further, and can take into context information that only the website (such as WordPress) itself is aware of, like user authorization, software versions, etc… vPatches tend to be more efficient, and cause less resource usage in the website compared to a WAF because the only rules that are enabled are the ones applicable for each website.

We encourage pairing Patchstack with other security tools, such as WPVivid or UpdraftPlus for backups and WPUmbrella or ManageWP for uptime monitoring. You may also check with your hosting service provides whether they offer pluginless server-side backups.

Yes, Patchstack also prevents malicious actors exploiting known vulnerabilities in WooCommerce and plugins for WooCommerce.

Attackers automatically target all websites to build large bot nets to perform more complex attacks against lucrative targets. Even a basic website gives attackers one more node for future attacks. We believe better web security is a community effort.

Since Patchstack is focused on prevention in the first place, it does not scan your files like a malware scanner and won't help you in finding existing malware on your website. We recommend reaching out to your hosting provider or a professional.

The free version of Patchstack does not run anything aside from scheduled tasks on your website, so there will be no noticeable difference. The paid version does run several tasks on each page load but based on tests from us and from our customers we have seen that Patchstack does not affect your website's performance in any significant or noticeable way. In fact, a test done by one of our users indicated that Patchstack is up to 10x lighter than competing security services.

We have not had issues with Patchstack conflicting with other security services, but we do recommend using as few different tools on your WordPress site as possible. If you do use another security plugin, it is recommended to not enable similar features as it could cause site-breaking issues. If you have any issues with other security tools, please contact our support so we could investigate the issue.

Setting up Patchstack takes no more than a few minutes per installation. The data might need a few minutes to show up after a successful installation.

If you have questions, don't hesitate to reach out to Sander via live chat.

So how to get started?

1
Log in and add your website(s) to the dashboard
2
Install the plugin and sync your unique site API key
3
Toggle on protection from My Apps page
4
Upgrade to Developer for advanced features

Set up in 5 minutes and join 30,000 developers today!

Patchstack works with all popular web hosts
Patchstack works with all popular web hosts, including
Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.
crossmenu