As promised in the v6.3 announcement, WP Toolkit is back again with another major release. We are excited to introduce to you WP Toolkit v6.4 with: Vulnerability Protection!
WP Guardian’s Vulnerability Protection is now a part of WP Toolkit. Think of it as your website’s personal superhero, perpetually vigilant, ready to deploy virtual shields to fend off the cyber underworld.
Vulnerability Protection with Virtual Patching by Patchstack
Vulnerability Protection is your stalwart guardian, focused on neutralizing high and medium-risk threats with precision and speed. And here’s why you might not see protection for every single vulnerability:
New Threats: Our team works around the clock to create virtual patches for high-risk vulnerabilities within hours. Medium-risk threats might take a few days, but rest assured, they’re being addressed.
Low-Risk Vulnerabilities: Some threats are more bark than bite, posing minimal danger. These don’t require immediate patching and are monitored to ensure they remain low-risk.
Database Limitations: Vulnerability protection is powered by technology provided by our security partners from Patchstack, so it works with vulnerabilities in Patchstack database. Vulnerabilities that are present only in Wordfence database or not matched with corresponding entries from Patchstack database do not receive protection rules. We’re working on matching all possible duplicates between two databases, but it will take us some time, since there are thousands of entries to be matched.
How does it work?
Protection is a service continuously working in the background, like an antivirus or a firewall. Enabling protection on a site installs a small worker plugin inside your WordPress. This plugin monitors your WordPress assets (plugins, themes, and WordPress core), constantly checking if they have any dangerous vulnerabilities. When such vulnerability is found, the plugin automatically downloads and applies special protection rules that prevent this vulnerability from being exploited on the site. After vulnerable asset is updated and vulnerability is removed by the update, protection rules are unapplied automatically.
This approach ensures minimal performance overhead, as protection rules (also known as virtual patches) are very small and they’re applied surgically, only for those vulnerabilities which are actually present on a site. Moreover, since these protection rules work similar to firewall rules, they do not modify or change the site code itself in any way, ensuring its integrity.
Ready to Secure Your WordPress Website?
Vulnerability Protection is the linchpin of the WP Guardian platform. With WP Guardian, you don’t just get automatic patching; you get an arsenal of powerful security tools, including Smart Updates and Smart PHP Updates. As part of the WP Guardian platform, to obtain this feature requires purchasing a separate license is called WP Guardian (Plesk addon).
You can also use the Service Plans on Plesk. They now include a separate limit for the number of sites vulnerability protection can use. This limit is set to zero by default to ensure resellers and customers cannot see this feature unless specified by the server administrator. In other words, only server administrators are able to see this feature and its purchase prompts out of the box. If you want to disable this feature completely (so that even server admin can’t see it), you can put the following line in the panel.ini(Plesk) file:
virtualPatchesFeature=0
To Recap, vulnerability protection is:
- Automated: Protection works continuously and automatically, protecting the site from current and future vulnerabilities without user involvement.
- Non-invasive: Protection rules work like a firewall, so they never modify the site code.
- Lightweight: Protection rules are applied only for specific vulnerabilities present on a given site, so they have minimal effect on site performance. (Premium feature)
No comment yet, add your voice below!