Patchstack – WordPress 及外掛安全性


Patchstack is a powerful tool that helps to identify security vulnerabilities within all your websites’ plugins, themes, and WordPress core.
Patchstack is powered by the WordPress ecosystem’s most active community of ethical hackers.
Patchstack is trusted by the leading WordPress experts such as: Pagely, Cloudways, GridPane, Plesk, and others!

Why do I need Patchstack Community (Free) version?

  • Be the first to know about new vulnerabilities!
  • Save time by monitoring all your websites from a single dashboard.
  • Receive notifications if any installed plugins or themes have security issues.
  • Get simple actionable suggestions to secure your websites.
  • Spend fewer resources fixing WordPress security issues (avoid expensive clean-ups).
  • Worry less about your website’s security and focus on your work.

What does Patchstack Community (Free) version include?

Detect security issues before hackers take over your website:

  • Detect the latest security vulnerabilities in WordPress plugins.
  • Detect the latest security vulnerabilities in WordPress themes.
  • Detect the latest security vulnerabilities in WordPress core.
  • Receive real-time alerts via email if any security vulnerabilities are found.
  • Have a central security dashboard for up to 10 (upgradable to 50) websites (via the Patchstack App).

Important Resources

See what our customers say about our paid plans:

  • “Patchstack is awesome. All of my sites are protected by Patchstack and none have ever been hacked. High recommended.” – Jose Gil (August 2021)
  • “The only WAF I trust. They are way ahead of the curve providing firewall security for WordPress websites.” – Mark Werle (August 2021)
  • “Love the product! Best decision I made regarding security on my websites!” – Ben Poston (August 2021)
  • “The service here is superb! And they always are right on it with the best solution to solve the problem or question at hand. The tool itself is, well, it speaks for itself. I am very satisfied with this project and the service they offer.” – Daniel Canup (March 2021)

(*Comparisons are done by comparing paid versions)

Sucuri vs. Patchstack
Wordfence vs. Patchstack
Malcare vs. Patchstack
Sitelock vs. Patchstack


  • Patchstack App Dashboard
  • Patchstack App Alerts Overview
  • Patchstack App Site Hardening
  • Patchstack App Firewall Overview
  • Patchstack App Components Overview


Simply install the Patchstack plugin by searching for “Patchstack” on the plugin management page of WordPress or install the plugin manually by following the steps:

  1. Download the plugin from the Patchstack plugin download page.
  2. Unzip the .zip file.
  3. Upload the entire patchstack directory to the /wp-content/plugins/ directory.
  4. Activate Patchstack through the ‘Plugins’ menu in WordPress.


What makes plugin vulnerabilities so dangerous?

A worrisome website hacking statistic is that well over 90% of WordPress vulnerabilities are related to plugins or themes. One report found that as much as 98% of WordPress vulnerabilities are due to plugins while another study reported that 95% of vulnerabilities were because of plugins and themes.
To be secure, you should always keep WordPress plugins, themes, and core updated and monitored. Ensure you are always aware of the plugins you’re using on your websites and always remove the ones you are not using.
When it comes to WordPress security plugins, we first recommend you get a better understanding of the WordPress security ecosystem and how they work.
Find one that can offer vPatching (check out Patchstack’s features).

How does Patchstack Community (free) version protect sites from vulnerabilities?

Patchstack Community (free) version will let you know if you have any vulnerabilities present in the plugins, themes, or WordPress core version that are installed on your site.
By staying informed and receiving alerts about vulnerabilities, you can reduce the resources spent on fixing WordPress security issues, avoiding expensive clean-ups in the long run.

What features does Patchstack Community (free) version include?

With Patchstack you will be able to **eliminate security issues before hackers take over your website. You can detect the latest security vulnerabilities in WordPress plugins, themes, and core. You will receive real-time alerts to email or Slack if any security vulnerabilities are found and have a central security overview for up to 10 websites in the Patchstack App.
Optionally you can also enable vPatch protection against vulnerabilities for $5/month for individual sites. You can also increase your free plan site limit to 50 sites with a volume-upgrade add-on.

What features does Patchstack Developer (paid) version include?

With Patchstack Developer version you can identify plugin vulnerabilities, receive automatic vPatches to these vulnerabilities, and get detailed reports on your security status. You also get access to additional hardening options, like advanced custom rules and the Community IP blocklist.

Included features are:

  • Plugin vulnerability detection (also included in free)
  • Theme vulnerability detection (also included in free)
  • WordPress core vulnerability detection (also included in free)
  • vPatches for WordPress plugins
  • vPatches for WordPress themes
  • 0-day protection (OWASP top 10)
  • Unlimited custom firewall rules
  • Logs and analytics
  • Unlimited custom alert triggers
  • Weekly / monthly PDF reports
  • Alerts to Slack
  • Alerts to email (also included in free)

What checks does Patchstack Community (free) version perform on your website?

We do not perform any external checks on your website. We do however match the plugins, themes, and WordPress core you have installed on your website with our vulnerability database to determine if there is a known vulnerability.

How will I be alerted if I have a vulnerability on my site?

With the Patchstack Community (free) version, you can set up alerts using email (Slack notifications are available in the Developer plan).

Does Patchstack conflict with any other security plugins?

We have not had issues with Patchstack conflicting with other security services, but we do recommend using as few different tools on your WordPress site as possible. Avoid enabling similar features if using another security plugin to prevent potential site-breaking issues. If you have any issues with other security tools, please contact our support so we could investigate the issue.

Are any logs stored in my database?

We do not store any logs in your database or your filesystem on the Community (free) version of Patchstack.

Does the Community (free) version plugin include a firewall?

Patchstack free version does not include a firewall, the free version is there to let you know if you have any vulnerabilities present on your website.

Will Patchstack slow down my website?

The free version of Patchstack does not run anything aside from scheduled tasks on your website, so there will be no noticeable difference. The paid version does run several tasks on each page load but based on tests from us and from our customers we have seen that Patchstack does not affect your website’s performance in any significant or noticeable way.

Does Patchstack work on a multisite environment?

Once you install the plugin on a multisite installation, you will see a page where you can activate Patchstack on the sites that are available on the multisite installation.
Each site will be added to the Patchstack app individually and will take up a slot on your account.

Where can I learn more about Patchstack?

You can learn more about Patchstack at the Patchstack website and blog.
See more here:

What support options are available with Patchstack?

Patchstack offers chat support at in addition to support articles available on the support page. To contact chat support, open and find the green chat bubble at the bottom right corner of your screen (note that some adblockers and privacy extensions can block this, so you might have to whitelist the Patchstack site).

How long does the Patchstack setup take?

Setting up Patchstack takes no more than a few minutes.

How do I upgrade from a Community (free) version to the Developer version?

You can upgrade from free to a paid version on your dashboard at the Patchstack App. Just log in at or directly go to to set up a plan.

Do I need to pay for support?

No, support from the Patchstack team is free. However, for free version users, replies may take up to 1-2 business days. Patchstack paid version users will receive an answer from the support within 24 hours.

What information does Patchstack collect?

We take your privacy very seriously. After activating Patchstack, it will store some information such as the software installed on your site. Please see our Terms & Conditions, Privacy Policy, and DPA for more information.

Where can I find Patchstack Terms & Conditions, Privacy Policy, and DPA?

Terms & Conditions:
Privacy Policy:
Data Processing Agreement (DPA):

How can I join the Patchstack Facebook community?

You can join the Patchstack Facebook community here:

What steps should I take to have my WordPress plugin undergo a security audit with Patchstack?

See more about Patchstack security audits here: You can also submit your plugin or theme to the Patchstack mVDP (Managed Vulnerability Disclosure Program).

Where do I report security bugs?

You can report any security bugs found in the source code of this plugin through the Patchstack Vulnerability Disclosure Program. The Patchstack team will assist you with verification and CVE assignment.


2024 年 4 月 26 日
Am using Patchstack for a couple Month now, service ist close to perfect and provides quick response to possible vulnerabilites.
2024 年 3 月 13 日
Very satisfied with the free version as it helped me with the recent Bricks vulnerability. We bought the on-demand per app protection since it’s only a single website that needs prevention. It helps that the UI is pretty and there are a whole bunch of other nice-to-haves that fit into any website maintenance and protection workflow. For eg. bulk updating of plugins, activity log, alerts, etc. If you’re looking for a malware removal plugin, Patchstack isn’t it. But it’s one step ahead – it looks to block out attacks altogether, saving you time and cost in trying to fix things. The time part is the biggest. If you have been through a malware removal, you’ll know how much time it takes. With Patchstack, it does it best to make sure it doesn’t even get there. vPatches are the biggest value, but that’s a paid feature. Definitely worth it, though. It’s like paying for insurance and hoping you never need it. But when the time comes (so many plugin vulnerabilities these days), it really saves you.
2024 年 2 月 2 日 4 則留言
Not sure about all those reviews but suspiciously all the reviews …. nearly at the same time ?Something fishy.Anyways. If this SUPER DUPER plugin is basically telling you which plugin is outdated …. no point to install and/or give access some who knows who to your system.If this Firewall is really as good as you saying ….. why there is no demo variant? I would like to see it with my own eyes as those reviews does not seem 100% legit.My first red flag it does nothing except as mentioned earlier.It does not even show if there is vulnerability of any kind while I’m sure there is plenty so if you show me a hint I might rethink my opinion and who knows …. maybe even buy a full PRO whatever version.All those reviews are fishy and do not trust them please.
2023 年 12 月 21 日
I started using the free version of Patchstack about a year and a half ago, and upgraded to the Developer plan several months ago. I switched over from another service, and I found that Patchstack found more vulnerabilities and sent notices faster. I’m also subscribed to some security newsletters, and I’ve found they are much slower. They often report vulnerabilities days or sometimes even weeks after Patchstack does. The free version is great, but the paid version gives me even more peace of mind. I know that my websites are protected right away, and the firewall protection means I don’t have to jump on the upgrades immediately. Also, some vulnerabilities get reported even when the developer hasn’t fixed the plugin yet. So far, on the paid version, Patchstack reported and virtually patched all of the ones that came up on my websites. It’s nice to not have to think about removing a plugin right away, just because the developer is slow to release a fix.
2023 年 11 月 30 日
As a website developer, PatchStack is a critical part of my security protocol for any site that I build. Having all plugins and themes on auto-update is not an ideal setup when this can break a production site that needs 99.99% uptime, and having a quarterly security review on all sites is difficult to manage. This makes the security work-flow event-driven and efficient.
2023 年 9 月 12 日
I was sad that WPScan discontinued their plugin. Then, JetPack picked up the work with JetPack Protection. I definitely did not want to use anything related to JetPack with their bloatware products.I am happy that Patchstack has a plugin to scan for plugin and theme vulnerabilities. The plugin works as expected and email notifications for finding any vulnerable plugin or theme is a must. Especially, with how big WordPress’s ecosystem has grown over the years with thousands upon thousands of open-source plugins and themes that are made for it. Being notified 48hrs of a security issue before it’s made public gives you enough time to update your software (if a fix is available) or take corrective measures to prevent a hack.
閱讀全部 42 則使用者評論


以下人員參與了開源軟體〈Patchstack – WordPress 及外掛安全性〉的開發相關工作。


〈Patchstack – WordPress 及外掛安全性〉外掛目前已有 2 個本地化語言版本。 感謝全部譯者為這個外掛做出的貢獻。

將〈Patchstack – WordPress 及外掛安全性〉外掛本地化為台灣繁體中文版


任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄


To view the changelog of the Patchstack plugin, please go to here.