We’re happy to announce a new strategic partnership with Cloudways. This week, Cloudways launched their vulnerability scanner powered by Patchstack’s database, giving their customers visibility into potential security issues with their WordPress core, plugin and theme versions.
In short, this means that more people will know whether they have hidden security risks in their websites.
This is also exciting news because the partnership highlights a big mindset shift happening in the WordPress ecosystem, with more companies thinking about security proactively rather than reactively.
Plugin vulnerabilities (which accounted for 93% of all WordPress vulnerabilities last year) are a very common security risk – but they’re also easily preventable, especially now that we have a lot more awareness and information on them. If you’ve been following our work you may have noticed we talk about growing our database of vulnerabilities pretty much exponentially every year. And while that growth may sound alarming it’s actually a good thing because security researchers working that much harder to combat the issue.
We said in our big WordPress security roundup whitepaper back in March, that it’s really important that the WordPress ecosystem leaders (like Cloudways) are showing a positive example by dealing with vulnerabilities in a proactive, responsible & mature manner.
How does the integration work?
The Cloudways vulnerability scanner can see which WordPress core, plugin and theme versions are installed on your website. It periodically checks these versions against the Patchstack Database to see if any are affected by a security issue. If a vulnerability is found, the user will be notified and led to check the affected versions.
The vulnerability scanner will also show recommended actions for vulnerable components (generally this means updating the plugin, or removing it if no updates are available). You can also get more details about the specific issue:
Please keep in mind that the integration does not inlcude Patchstack’s virtual patching protection layer – it only shows you information about vulnerabilities, and you’ll ultimately have to take necessary steps to mitigate them yourself.
What is included, however, is our 48-hour early warning for vulnerabilities found by Patchstack Alliance, which should give you enough time to figure out the best course of action. This early warning is critical as we know from our data that in some cases, vulnerabilities may be exploited within hours of them becoming public.
Cloudways is a leading managed cloud hosting and software as a service (SaaS) provider for small to medium-sized businesses (SMBs). Cloudways is part of DigitalOcean, which helps developers, startups and small and medium-sized businesses rapidly build, deploy and scale applications to accelerate innovation and increase productivity and agility.