WordCamp US is the premier North American event for web professionals

Building a More Secure WordPress, Together

A big thank you to all our Super Admin and Admin sponsors for making this year’s WordCamp US a success. Check out the message from our Admin Sponsor, Patchstack, who played a key role in supporting this event.


Logo for Patchstack

Are you ready to stop cleaning and start preventing attacks?

Site owners were made to believe that the only way to manage hacks was to scan sites and pay thousands to clean up hacks constantly. Plugin developers, on the other hand, were told to just write the code as cleanly as possible and hope for the best.

Hope isn’t a security strategy. Prevention is.

Goodbye, cleanups – hello, Patchstack!

Patchstack is the leading WordPress vulnerability research (and protection) authority. We find vulnerabilities in WordPress core, themes & plugins, and help both WordPress users protect their sites from attacks and plugin creators build safer products.

In 2023, Patchstack contributed 73% of all new vulnerabilities  found in the WordPress ecosystem, and we collaborated with hundreds of plugin creators to ensure most of the security issues received prompt fixes while keeping our users protected with virtual patching.

The key to our prevention recipe? Involving the whole ecosystem. Just as plugin creators have a responsibility to provide fast fixes to security issues, security researchers, too, should disclose vulnerabilities responsibly.

We see plugin developers and security researchers as equally important contributors to open-source, and both sides should work together to make sure vulnerabilities are not only discovered and discussed but also fixed.

Vulnerability disclosure for plugin developers

Patchstack knows the key to WordPress security isn’t in witch hunts against plugin developers. Instead, we’re excited to share our updated vulnerability disclosure program.

The mVDP is a free platform to help plugin developers address security reports faster, while staying compliant with the EU’s Cyber Resilience Act and receiving expert assistance from Patchstack’s team in triaging and resolving vulnerabilities.

Elementor’s Patchstack mVDP experiences

On Showcase Day, Wednesday 18th, our CEO, Oliver Sild, will be taking to the stage with Miriam Schwab, to share Elementor’s experiences in working together with Patchstack to find and fix security issues in their plugins.

👉 Join us for the talk at 2:30 PM PDT, and learn how Elementor is leveraging Patchstack’s Managed Vulnerability Disclosure and Bug Bounty Programs to build robust processes for handling security issues, fast.

Bug bounty and education for security researchers

Every month, Patchstack rewards security researchers from its Bug Bounty Pool. The program is open to all, and plugin developers don’t have to participate in the rewards for their plugins to be checked.

The Patchstack Bug Bounty Program also has special pools for the most critical zero-day vulnerabilities. A single researcher was awarded over $16,000 for a single critical vulnerability – the biggest bounty in Patchstack’s history.

P.S. In the mood for a CTF challenge?

👉 Drop by our booth to learn about the specifics and rewards of our WCUS-exclusive Capture-the-Flag challenge!

Educating the new generation of security researchers

As security becomes even more vital, Patchstack is taking proactive steps to educate the new generations of security researchers through the Patchstack Academy.

The Academy is a one-stop shop for budding security researchers to get education on finding and reporting bugs.

Easy-to-manage WordPress security for end users

There’s nothing that gets a WordPress site owner (or agency) ticked off more than having to stop what they’re doing just because there’s a plugin update. And we all know you can’t just apply a plugin update without testing it first.

Patchstack’s real-time protection (vPatching) provides instant mitigation and reduces your exposure to an attack, giving you time to test the updates in peace before applying them to your sites.

Patchstack’s intelligence is used by Hostinger, One.com, and Cloudways, as well as thousands of website owners and agencies.

Security networking hour at the Patchstack booth

Website security is a bit like a Jenga tower. It depends on many layers and pieces for addressing different threats; remove too many, and it’ll all come crashing down.

👉 That’s why we’ll be hosting a security networking session at our booth on September 19, from 3:15 to 5:00 pm.

Drop by to learn more about all the different pieces that have to work together to make WordPress a safer platform. And, well, join our team for a few rounds of giant Jenga!

WCUS, we can’t wait to meet in person! 💚

WordCamp US 2024 is over. Check out the next edition!