In this post, you will find all that you need to know about the Patchstack Professional Plan.
I didn’t want to try the Patchstack Professional Plan, but there were no good reviews out there, so I had to get myself an account and see.
These are my thoughts about the Patchstack Professional Plan and how it handles WordPress security.
Patchstack Professional Plan: Price
I am a huge fan of Cloudflare Firewall Rules. I believe in WordPress security without plugins.
A good hosting provider and 5 good Cloudflare rules can prevent your site from getting attacked and hacked.
The Patchstack Professional Plan is $7.49, which is way too much for security if you haven’t paid for WordPress security before.
If you want to pay annually, it comes to $6.74 a month. Cheaper than Wordfence Premium.
I think that Patchstack should have a better deal if you want to bring 10 sites to them.
They should have more plans for small agencies.
Patchstack Professional Plan: Sites
I don’t like taking screenshots because sometimes things change and the dashboard ends up looking a little different than it looks now.
But this is how it looks today.
We have nine sections inside Patchstack:
- Plugins and API
There are other sections but these complement some of the nine sections:
If you ask me, I would add everything related to a specific measure in one place, since clicking around may complicate things for some WordPress
If you can handle a messy interface, I am sure you can handle this.
Patchstack Professional Plan: Overview
The overview section indicated that I am missing security headers:
- Referrer-Policy: This header should be set to no-referrer to prevent referrer information from being sent.
- X-Frame-Options: This header should be set to DENY to prevent any domain from framing (iframe) the site.
- X-XSS-Protection: This header should be set to 1 so browsers can attempt to block XSS attacks.
I think that I can add these using the .htaccess file, or you can add them via Patchstack if you are going to be one of their long-time users.
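An added example, not from the original post or from Patchstack: it checks a response's headers against the three values the overview asked for and builds the matching .htaccess fragment for whatever is missing or different. It assumes Apache with mod_headers; the sample response and the function names are constructed for illustration.

```python
# Added example (not Patchstack code). Values are the ones the overview reported.
# Note: current browsers have dropped their XSS auditors and ignore X-XSS-Protection.
RECOMMENDED = {
    "Referrer-Policy": "no-referrer",
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "1",
}

# Constructed sample: a response head as `curl -sI` would print it.
SAMPLE_HEAD = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
Referrer-Policy: no-referrer
"""

def audit_headers(response_head):
    """Map each recommended header to ("ok" | "mismatch" | "missing", observed)."""
    observed = {}
    for line in response_head.splitlines()[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            observed[name.strip().lower()] = value.strip()  # names are case-insensitive
    findings = {}
    for name, wanted in RECOMMENDED.items():
        got = observed.get(name.lower())
        if got is None:
            findings[name] = ("missing", None)
        elif got.split(";")[0].strip().lower() == wanted.lower():
            findings[name] = ("ok", got)          # "1; mode=block" still counts as 1
        else:
            findings[name] = ("mismatch", got)
    return findings

def htaccess_fix(findings):
    """Build an .htaccess fragment (Apache mod_headers) for headers that are not ok."""
    lines = [f'  Header always set {name} "{RECOMMENDED[name]}"'
             for name, (status, _) in findings.items() if status != "ok"]
    if not lines:
        return ""
    return "\n".join(["<IfModule mod_headers.c>", *lines, "</IfModule>"])

if __name__ == "__main__":
    report = audit_headers(SAMPLE_HEAD)
    for header, (status, value) in report.items():
        print(f"{header}: {status} ({value})")
    print(htaccess_fix(report))
```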
This section also confirms that there are no present vulnerabilities in any of the plugins that my site is using.
Patchstack Professional Plan: Hardening
The hardening section from Patchstack focuses on four security measures:
- Login Protection
- Cookie Notice
In the Firewall tab you can:
- Activate the advanced firewall protection (not sure what it protects you from)
- Block IPs for a certain period of time after a specific number of attacks (I love it)
- Block IPs (I never do that, you can get a new one easily)
- Whitelist your IP (Hopefully you have a static one)
- Block countries (Why not continents like Cloudflare does?)
- Add security headers
- Prevent visitors from seeing certain files like license.txt file and others
- Disable Index views
- Prevent image hotlinking
- Add more rules to the .htaccess file
I like that Patchstack is providing all these security features but this is not something I haven’t seen in other security plugins before.
In the hardening tab you can:
- Auto update your themes and plugins
- Remove some unnecessary files from your WordPress installation
- Disable user enumeration
- Hide your WordPress numeration
- Enable activity log
- Log Failed logins
- Block application password
- Restrict XML-RPC
- Restrict WP REST API Access
- Blacklisting Emails
- Adding reCAPTCHA to login, registration and password forms
I love each one of the features here, nothing that I haven’t seen before, but having all of them in place makes life easier for website owners.
In the login tab you can:
- Block access to the default WordPress login page
- Create a new login URL
- Ban IPs used for brute-force attacks
- Enforce specific logon hours
- Start using 2FA
- Whitelist IPs to avoid 2FA
This gathers lots of security measures found in the most used WordPress Security plugins.
Patchstack Professional Plan
The other sections don’t have that many security measures, so I am gonna save some headings and add them all here:
- In the Firewall section, you can see all the IPs that have been banned and you can also unban any IP that you want.
- The uptime section logs if your site has been down
- The activity menu is where you can see some website-related events
- The User section contains information about the website users and their roles
- The Add-ons section has additional services that you have to pay extra for if you want to use them. For example, $4 to have somebody check and clean up your site
- Plugin & API has information to connect your website to Patchstack
More about the Patchstack Firewall
I don’t know why they don’t gather all the firewall-related stuff in one place:
The Firewall has two main modules:
- OWASP Top 10 Protection (something available on Cloudflare Pro only)
- WordPress Virtual Patches (something available on Cloudflare Pro only)
You don’t need to learn anything here, you only have to know that OWASP and the WordPress Virtual Patching are part of your Firewall.
Your site will be secure unless you make some dumb decisions like installing nulled plugins or something along those lines.
I like that you can create custom rules inside of Patchstack, but you can be far more creative with Cloudflare Firewall Rules.
With Cloudflare Firewall Rules, you can challenge and block based on HTTP version, referrer, hostname, ASN and 10 other patterns.
So I hope they take a page from Cloudflare’s success and improve the custom rules options.
Since Patchstack is not a CDN, I think that they can incorporate all the features custom Cloudflare rules have.
Verdict: Would I pay for This?
If you are a Wordfence Premium user, I would switch to this: you can save a few bucks and you can get more for your money.
As a Cloudflare user, I am not sure if I would pay for this service. I am handling the security of my sites using five Firewall rules.
Writing custom firewall rules on Cloudflare can take time if you don’t know what you are doing, so I understand how Patchstack users might fall in love with the effectiveness and simplicity of the plugin.
I like Patchstack, I think it is way better than a bunch of plugins out there and I like it more than Wordfence.
I am sure Patchstack will continue evolving and become one of the best options to handle your WordPress security.