Imagine this…

You’re contacted by a security company. They’ve found a vulnerability in your plugin and give you 30 days to patch it. After hours of work, you’ve released the fix, but there’s a catch: you can’t notify your users that it’s a fix for a security issue. The security company will consider it an early disclosure and announce it immediately before your users have a chance to update it. If you follow best practices, as you should, and label the update as a ‘Security fix’ in the change log, hackers will immediately reverse-engineer your fix and exploit the vulnerability before the majority of your users have had the chance to apply the patch. If you don’t, your users won’t prioritise the update and remain exposed for longer.

It’s a tough situation—do you alert users and risk exploitation and premature disclosure? Or wait quietly for 30 days, hoping bad actors don’t strike before all users apply the patch?

 

Now…

Imagine having the power to protect your users even before your fix is rolled out. That’s exactly what we offer.

Before hurrying to write a patch and push it, let us know. We will silently push targeted firewall rules that prevent hackers from exploiting the vulnerability. Your users are protected even before you push out the patch. Once you’re ready to release your fix, you can push it without worry, knowing your users are safeguarded during the critical window before full patch adoption.

The security company can still announce the vulnerability when the time is up, and they get the credit for their discovery. Meanwhile, your users remain safe from exploitation. Everybody wins!

This solution lets you focus on what matters—building great plugins—without the stress of premature disclosure or leaving your users vulnerable.

With thousands of plugins out there and hundreds of vulnerabilities disclosed every month, this plugin is an essential part of a WordPress site’s security toolkit.