Crowdsourced Patches for Crowdsourced Vulnerabilities.
In the evolving world of WordPress, the battle against security vulnerabilities is constant. For millions of WordPress users, these vulnerabilities can lead to compromised websites, data breaches, and loss of user trust. Plugin and theme developers race to patch issues, while security researchers identify and disclose weaknesses. However, the current vulnerability management process leaves many websites exposed and at risk.
Security research companies discover vulnerabilities and notify plugin developers to patch them. After some time, they disclose the vulnerability to the public, allowing users to update their plugins. However, this system has flaws. Once vulnerabilities are publicly disclosed, hackers rush to exploit sites that haven’t yet applied the patch. Moreover, many security companies offer early protection only to premium users, leaving free plugin users vulnerable.
This process inadvertently puts many smaller websites at risk. The plugin developers themselves often cannot inform their own users about the nature of the vulnerability before the official disclosure, as this could be considered early disclosure, violating agreements with security companies. As a result, users may be unaware that their websites are vulnerable, and bad actors exploit the delay between disclosure and patching.
To solve this, we offer a free plugin that ensures immediate protection for all WordPress users. Our solution pushes firewall rules and patches as soon as vulnerabilities are disclosed, ensuring websites are protected without waiting for an official patch. This protection is silent and automatic, ensuring that users don’t need to take any immediate action.
Our approach:
Security should not be reserved for those who can afford premium services. The spirit of WordPress is inclusivity, and this should extend to security as well. When vulnerabilities are disclosed, they pose a risk to every website, regardless of its owner’s resources. Every WordPress user should have access to immediate protection.
Security researchers play a vital role in identifying vulnerabilities, but the current system leaves too many users exposed. Our approach aims to create a safer WordPress ecosystem for all, by closing the gap between vulnerability disclosure and patching.
This isn’t about taking credit—it’s about prioritizing the safety of small business owners, bloggers, and entrepreneurs who rely on WordPress. By silently closing the vulnerability gap, we aim for a future where WordPress security is accessible to everyone.
Let’s build a safer WordPress ecosystem together—one that protects all users, not just the privileged few.
Currently, security research companies identify vulnerabilities in WordPress plugins or themes and notify the developers. The developers are given time to create a patch. During this time, premium users of the security companies are offered protection against the vulnerability. After the patch is made, the vulnerability is disclosed publicly. Unfortunately, once disclosed, hackers can target websites that haven’t yet applied the patch, leaving many users vulnerable.
While the current process allows developers time to patch vulnerabilities, it unintentionally leaves many users—especially those without premium protection—exposed once the vulnerability is disclosed. Hackers actively target disclosed vulnerabilities, creating a window in which users who haven’t yet updated their plugins are vulnerable to attacks. The system also prevents plugin developers from informing their own users of vulnerabilities before public disclosure, limiting early protection.
We offer a free plugin that immediately pushes patches or firewall rules to protect websites when vulnerabilities are disclosed. This ensures all users are protected, regardless of whether they have premium protection. Our plugin works silently, pushing protection as soon as a vulnerability is disclosed, even if a patch from the developer hasn’t been applied yet.
Once a vulnerability is disclosed, our plugin pushes a silent update that either applies a patch or implements firewall rules to prevent exploitation. This immediate protection means that users are safeguarded against attacks, even if they haven’t yet applied the official patch provided by the plugin developer.
No, our goal is to protect users, not to take credit for patching or disclosures. Security research companies deserve recognition for their work in identifying vulnerabilities, and we respect that. We focus on providing immediate protection to all WordPress users, without seeking credit or publicity for doing so.
Yes, plugin developers can contact us to push patches through our platform before public disclosure. This ensures that their users are protected without violating early disclosure agreements with security companies.
Yes, our plugin is completely free and accessible to all WordPress users. We believe that security should not be a luxury and aim to protect every WordPress site, regardless of financial resources.
The WordPress ecosystem is built on open-source principles: inclusivity and accessibility. Unfortunately, the current vulnerability disclosure process leaves many users—particularly those using free plugins—vulnerable to attacks. By offering free, immediate protection, we aim to ensure that all WordPress users, regardless of financial status, are safeguarded from potential threats.
Unlike other security companies that offer early protection only to their premium users, our solution is free and available to everyone. We push patches and firewall rules silently upon vulnerability disclosure, ensuring that all users are protected, not just those with paid services.
No, our plugin works alongside official patches from developers. It provides temporary protection through firewall rules or patches until the official update is applied, ensuring that users are not left vulnerable during the critical window between disclosure and patch adoption.