{"id":11291,"date":"2024-09-12T13:00:00","date_gmt":"2024-09-12T20:00:00","guid":{"rendered":"https:\/\/us.wordcamp.org\/2024\/?p=11291"},"modified":"2024-09-12T12:20:12","modified_gmt":"2024-09-12T19:20:12","slug":"building-a-more-secure-wordpress-together","status":"publish","type":"post","link":"https:\/\/us.wordcamp.org\/2024\/building-a-more-secure-wordpress-together\/","title":{"rendered":"Building a More Secure WordPress, Together"},"content":{"rendered":"\n

A big thank you to all our Super Admin and Admin sponsors for making this year\u2019s WordCamp US a success. Check out the message from our Admin Sponsor, Patchstack, who played a key role in supporting this event.<\/em><\/p>\n\n\n\n

\n\n\n\n
\"Logo<\/figure>\n\n\n\n

Are you ready to stop cleaning and start preventing attacks?<\/p>\n\n\n\n

Site owners were made to believe that the only way to manage hacks was to scan sites and pay thousands to clean up hacks constantly. Plugin developers, on the other hand, were told to just write the code as cleanly as possible and hope for the best.<\/p>\n\n\n\n

Hope isn\u2019t a security strategy. Prevention is.<\/em><\/p>\n\n\n\n

Goodbye, cleanups \u2013 hello, Patchstack!<\/h2>\n\n\n\n

Patchstack<\/a> is the leading WordPress vulnerability research (and protection) authority. We find vulnerabilities in WordPress core, themes & plugins, and help both WordPress users protect their sites from attacks and plugin creators build safer products.<\/p>\n\n\n\n

In 2023, Patchstack contributed 73% of all new vulnerabilities<\/a>  found in the WordPress ecosystem, and we collaborated with hundreds of plugin creators to ensure most of the security issues received prompt fixes while keeping our users protected with virtual patching.<\/p>\n\n\n\n

The key to our prevention recipe? Involving the whole ecosystem.<\/strong> Just as plugin creators have a responsibility to provide fast fixes to security issues, security researchers, too, should disclose vulnerabilities responsibly.<\/p>\n\n\n\n

We see plugin developers and security researchers as equally important contributors to open-source, and both sides should work together to make sure vulnerabilities are not only discovered and discussed but also fixed.<\/p>\n\n\n\n

Vulnerability disclosure for plugin developers<\/h2>\n\n\n\n

Patchstack knows the key to WordPress security isn’t in witch hunts against plugin developers. Instead, we\u2019re excited to share our updated vulnerability disclosure program.<\/a><\/p>\n\n\n\n

The mVDP is a free platform to help plugin developers address security reports faster, while staying compliant with the EU\u2019s Cyber Resilience Act and receiving expert assistance from Patchstack\u2019s team in triaging and resolving vulnerabilities.<\/p>\n\n\n\n

Elementor\u2019s Patchstack mVDP experiences<\/h3>\n\n\n\n

On Showcase Day, Wednesday 18th, our CEO, Oliver Sild, will be taking to the stage with Miriam Schwab, to share Elementor\u2019s experiences in working together with Patchstack to find and fix security issues in their plugins.<\/p>\n\n\n\n

\ud83d\udc49 Join us for the talk at 2:30 PM PDT, and learn how Elementor is leveraging Patchstack\u2019s Managed Vulnerability Disclosure and Bug Bounty Programs to build robust processes for handling security issues, fast.<\/strong><\/p>\n\n\n\n

Bug bounty and education for security researchers<\/h2>\n\n\n\n

Every month, Patchstack rewards security researchers from its Bug Bounty Pool<\/a>. The program is open to all, and plugin developers don\u2019t have to participate in the rewards for their plugins to be checked.<\/p>\n\n\n\n

The Patchstack Bug Bounty Program also has special pools for the most critical zero-day vulnerabilities. A single researcher was awarded over $16,000<\/a> for a single critical vulnerability \u2013 the biggest bounty in Patchstack’s history.<\/p>\n\n\n\n

P.S. In the mood for a CTF challenge?<\/h3>\n\n\n\n

\ud83d\udc49 Drop by our booth to learn about the specifics and rewards of our WCUS-exclusive Capture-the-Flag challenge!<\/strong><\/p>\n\n\n\n

Educating the new generation of security researchers<\/h2>\n\n\n\n

As security becomes even more vital, Patchstack is taking proactive steps to educate the new generations of security researchers through the Patchstack Academy.<\/a><\/p>\n\n\n\n

The Academy is a one-stop shop for budding security researchers to get education on finding and reporting bugs.<\/p>\n\n\n\n

Easy-to-manage WordPress security for end users<\/h2>\n\n\n\n

There\u2019s nothing that gets a WordPress site owner (or agency) ticked off more than having to stop what they\u2019re doing just because there\u2019s a plugin update. And we all know you can\u2019t just apply a plugin update without testing it first.<\/p>\n\n\n\n

Patchstack\u2019s real-time protection (vPatching) provides instant mitigation and reduces your exposure to an attack, giving you time to test the updates in peace before applying them to your sites.<\/p>\n\n\n\n

Patchstack\u2019s intelligence is used by Hostinger, One.com, and Cloudways, as well as thousands of website owners and agencies.<\/p>\n\n\n\n

Security networking hour at the Patchstack booth<\/h2>\n\n\n\n

Website security is a bit like a Jenga tower. It depends on many layers and pieces for addressing different threats; remove too many, and it\u2019ll all come crashing down.<\/p>\n\n\n\n

\ud83d\udc49 That\u2019s why we\u2019ll be hosting a security networking session at our booth on September 19, from 3:15 to 5:00 pm.<\/strong><\/p>\n\n\n\n

Drop by to learn more about all the different pieces that have to work together to make WordPress a safer platform. And, well, join our team for a few rounds of giant Jenga!<\/p>\n\n\n\n

WCUS, we can\u2019t wait to meet in person! \ud83d\udc9a<\/p>\n","protected":false},"excerpt":{"rendered":"

A big thank you to all our Super Admin and Admin sponsors for making this year\u2019s WordCamp US a success. Check out the message from our Admin Sponsor, Patchstack, who played a key role in supporting this event. Are you ready to stop cleaning and start preventing attacks? Site owners were made to believe that […]<\/p>\n","protected":false},"author":15433379,"featured_media":8058,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11291","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-updates"],"jetpack_featured_media_url":"https:\/\/us.wordcamp.org\/2024\/files\/2024\/07\/patchstack_logo_dark_3.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/posts\/11291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/users\/15433379"}],"replies":[{"embeddable":true,"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/comments?post=11291"}],"version-history":[{"count":2,"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/posts\/11291\/revisions"}],"predecessor-version":[{"id":11294,"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/posts\/11291\/revisions\/11294"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/media\/8058"}],"wp:attachment":[{"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/media?parent=11291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/categories?post=11291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/us.wordcamp.org\/2024\/wp-json\/wp\/v2\/tags?post=11291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}