February 8, 2023 — Today, iThemes is pleased to announce we’re partnering with Patchstack to provide early warnings about potential vulnerabilities in WordPress sites protected by our security plugins, iThemes Security and Security Pro.
What’s changing?
Patchstack’s vulnerability database and Threat Feed are now powering the iThemes Security Site Scan feature.
Site Scan is a key security tool in our iThemes Security and Security Pro products. Site Scan alerts WordPress site owners if the version of a plugin or theme they’re using has a known vulnerability. As soon as vulnerabilities emerge, Site Scan gives site owners and administrators a warning with further information provided by Patchstack.
Timothy Jacobs, iThemes Security Lead Developer and WordPress Core Committer, says he’s “excited to bring Patchstack’s Threat Feed to the iThemes Security community” so iThemes customers can respond to vulnerabilities quickly.
This change is effective immediately and does not require an update of the iThemes Security or Security Pro plugins. Users will notice the Patchstack logo when they click for more details about vulnerabilities detected by Site Scan.
Using Patchstack’s vulnerability database doesn’t change how iThemes Security works. Its Site Scan feature and vulnerability alerts have not changed. Only the data source that Site Scan uses has changed. The security alerts iThemes Security users receive will not change.
Why we’re making this change
Patchstack Security Advocate Robert Rowley says the Threat Feed is a way for site owners to “get ahead of hackers.” Patchstack’s service will provide iThemes Security with a 48-hour advance warning and information about new WordPress core, theme, and plugin vulnerabilities.
Rowley described Patchstack as a company that’s about “empowering site owners” to address vulnerabilities “based on security intelligence.” Sending warnings as soon as possible “when sites are running insecure components” is how he sees Patchstack helping iThemes users. Web developers and agencies that need to “easily secure WordPress sites from plugin vulnerabilities” can best make use of timely security alerts, according to Rowley.
At iThemes, we want to share the benefits of Patchstack’s security intelligence with all our users. That’s why the Patchstack Thread Feed will power security alerts in our premium Security Pro product and the free version. Following open source values, sharing actionable security information widely is essential to securing WordPress and its product ecosystem.
Who is Patchstack?
Patchstack is a leader in the WordPress security space with an innovative platform and team dedicated to openness and collaboration. Patchstack’s progressive initiatives include support for many security researchers whose work makes WordPress and open-source software safer. Patchstack’s commitment to WordPress is reflected in its impact on the well-being of both the software platform and its community.
Looking to the future
WordPress currently powers more than 43% of all websites. As attempted cyberattacks increase every year, securing hundreds of millions of sites depends on the free flow of vulnerability data.
Timely security notifications are invaluable to site owners, agencies, and freelancers who are using iThemes Security to protect numerous WordPress sites that are vital to their business, clients, and users. With iThemes Security, anyone can use Patchstack’s security intelligence to deliver rock-solid security for all their WordPress websites.
We’re looking forward to supporting our iThemes Security customers with a long collaborative partnership with Patchstack that also benefits the entire WordPress community!
Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.