Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

Other uncategorised cookies are those that are being analysed and have not been classified into a category as yet.

Skip to content

Patchstack protection modules

Introduction

Patchstack modules are modules managed by us and regularly updated to contain the latest vPatch definitions. Below contain the modules which you can enable on your sites with a description about its functionality.

vPatches

This module contains all the vPatches that protect you against plugin, theme and WordPress vulnerabilities for which we generated a vPatch. These vPatches match against specific conditions in the request to ensure a as low as possible false positive rate.

For example, a vPatch for a plugin vulnerability which allows someone to export all orders due to the plugin not implementing proper authorization checks may contain the following conditions:

  • If the requesting URL contains /wp-admin/index.php?export_orders=1
  • AND
  • If the current authenticated user is not a Shop Manager or Administrator
  • THEN
  • Block request

This allows us to block specific attacks without it affecting users who still may need to access the ability to export orders.

Advanced Hardening

This module contains protection rules that protect you against commonly seen attacks that target WordPress sites. Some examples of the protection rules that are part of this module are listed below. All of them are not executed against users who are logged in as administrator.

These protection rules could cause false positives with remote WordPress management tools, in particular the protection rules that block settings from being changed by unauthenticated users.

  • Block file uploads containing .php and .html extensions.
    • These attacks attempt to upload .php backdoors to gain full access to your site.
  • Block requests that contain wp-config.php anywhere in the URL or form payload.
    • These attacks attempt to read or write to your wp-config.php file to steal your WordPress salts and database information.
  • Block requests that contain default_role and administrator.
    • These attacks attempt to change the default registration role to administrator so new accounts are immediately granted the administrator privilege.
  • Block requests that contain users_can_register.
    • These attacks attempt to enable the registration feature by setting the users_can_register WordPress option to 1. Malicious people usually do this together with changing the default registration role.
  • Block requests that contain _capabilities and administrator.
    • These attacks attempt a user to change their own privilege from a lower privilege, such as subscriber, to that of an administrator.
  • Block requests that contain wp_is_mobile in the browser user agent (spoofed).
    • At one point a large number of premium plugins/themes from a vendor contained a backdoor that got triggered with this string in the user agent. We block attacks if this is present.

Community IP Blocklist

Community IP blocklist blocks access to IP addresses which are known to exploit vulnerabilities. This module contributes threat data back to the Patchstack network.

Generic OWASP

This module contains protection rules that protect you against requests that contain certain patterns that match the OWASP top 10 ruleset.

This provides very aggressive protection and has a higher chance of false positives, so it is only recommended to enable this on sites with a low number of plugins and do not run some sort of e-commerce environment such as WooCommerce.

1