Login

Spring into action! Get up to 80% off hosting for WordPress and launch your site today!

JetHost’s Help Center

Search for hosting support and solutions.

How to use Patchstack Protection in JetHost WordPress Manager

Patchstack Protection is a WordPress vulnerability scanner and mitigation tool integrated into JetHost WordPress Manager. In particular, it monitors your WordPress core, plugins, and themes for known vulnerabilities and blocks exploitation attempts before they succeed. Furthermore, the Business plan for hosting for WordPress includes Patchstack or available as an add-on for other plans, giving you an extra layer of security directly from your hosting control panel.

JetHost WordPress Manager Patchstack

Accessing Patchstack Protection

To access Patchstack Protection, navigate to the Patchstack Protection tab from the top navigation menu in WordPress Manager. The tab appears with a “NEW” label to indicate it is a recent addition. Once there, you’ll see whether your plan includes Patchstack and an option to activate it for your site.

Activating Patchstack for your site

If your plan includes Patchstack, the tab will show a message such as “Your plan includes Patchstack protection” and ask whether you want to activate it for your domain. Click the orange Activate button to enable protection. Activation applies immediately, and Patchstack begins monitoring your WordPress installation for vulnerabilities.

Plan availability

Patchstack availability depends on your hosting plan. With the hosting for WordPress Business plan, Patchstack is included for one domain for the full duration of your service. For Mini, Start, and Maverick plans, Patchstack can be added for a small monthly fee per domain. Check the Patchstack Protection tab to see your current status and options.

Patchstack Protection tabs

After activation, Patchstack Protection provides three sub-tabs for managing your site’s security:

JetHost Manager Patchstack information

Vulnerabilities tab

The Vulnerabilities tab shows your overall protection status and a detailed list of detected vulnerabilities. At the top, a green “Website is protected!” badge confirms that Patchstack is active. Below that, you’ll see key metrics:

  • Vulnerabilities present: How many known vulnerabilities affect your installed software
  • Vulnerabilities resolved: How many have been fixed (e.g., after updates)
  • Threats blocked: How many exploitation attempts Patchstack has blocked

The vulnerabilities list displays each issue with the affected plugin or theme name, vulnerability type (such as Server-Side Request Forgery or Broken Access Control), severity, and date. Use the search bar and filters to find specific vulnerabilities. You can filter by priority, exploited status, and whether a fix is available. Moreover, each entry can be expanded for more details.

Software tab

JetHost Manager Patchstack Software information

The Software tab lists all components Patchstack monitors: your database, PHP version, and every installed plugin and theme. Each entry shows the component name, version, and security status. Components marked Up to date have no known vulnerabilities, while those marked Vulnerable appear in red and require attention.

Use the Resync software button to refresh the list after installing or updating plugins and themes. Additionally, the Software tab includes auto-update toggles:

  • Vulnerable only (recommended): Automatically updates only components with known vulnerabilities
  • Core: Auto-update WordPress core
  • Plugins: Auto-update all plugins
  • Themes: Auto-update all themes

Enabling “Vulnerable only” is often the best balance between security and stability, as it updates only when necessary. A red badge with a number next to the Software tab indicates how many vulnerable components need attention.

Protection tab

JetHost Manager Patchstack Protection Stats

The Protection tab displays the Protection modules that Patchstack uses to defend your site. A module is a collection of mitigation rules managed by Patchstack; modules automatically protect your site from attacks without modifying your code.

Three main protection modules are available:

  • RapidMitigate WordPress: Highly targeted automatic mitigation rules ready to deploy against medium and high priority vulnerabilities. Thousands of mitigation rules are available to block known exploits.
  • Advanced Hardening: Additional security rules that block common malicious requests against WordPress sites. These rules add an extra layer of protection beyond vulnerability-specific mitigations.
  • Community IP Blocklist: Blocks IP addresses known to exploit vulnerabilities. This module contributes threat data back to the community, helping protect other users as well.

Modules with a green checkmark are active and protecting your site. Review the Protection tab to see which modules are enabled and how many rules or blocked IPs each one uses.

How Patchstack works

Patchstack maintains one of the largest real-time WordPress vulnerability databases and uses thousands of mitigation rules to protect your site. Unlike traditional Web Application Firewalls (WAFs) that run constantly, Patchstack activates only when an actual exploitation attempt is detected. Consequently, it adds protection without a noticeable impact on performance.

What Patchstack protects against

Patchstack blocks common attack types including:

  • Remote Code Execution (RCE): Prevents attackers from running malicious code on your server
  • SQL Injection (SQLi): Blocks attempts to manipulate your database
  • Cross-Site Scripting (XSS): Stops injection of malicious scripts into your pages
  • Server-Side Request Forgery (SSRF): Prevents attackers from making your server request internal resources
  • Broken Access Control: Mitigates flaws that allow unauthorized access to restricted areas

Moreover, Patchstack applies these rules without modifying your code, so your site continues to function normally while being protected.

Responding to vulnerabilities

When Patchstack reports vulnerable software, take action promptly:

  • Update the component: Check the Plugins & Themes section for available updates
  • Enable vulnerable-only auto-updates: In the Software tab, turn on “Vulnerable only” to automatically update affected components
  • Replace or remove: If no update is available, consider replacing the plugin or theme with an alternative, or removing it if not essential
  • Rely on mitigation: Patchstack may already be blocking exploitation attempts; check the “Threats blocked” metric

Why vulnerability protection matters

Thousands of new vulnerabilities are discovered in the WordPress ecosystem each year, with most found in plugins and themes. Many flaws are exploited within hours of public disclosure, often before site owners can update. Patchstack provides protection even when a patch is not yet available, reducing the window of exposure. For more context, see our blog post.

Combining Patchstack with other security features

Patchstack works alongside other WordPress Manager security tools for stronger protection:

Patchstack adds proactive protection; updates and backups remain important for long-term security.

Need more help?

Explore more WordPress Manager guides and hosting tutorials in our knowledgebase. The WordPress Manager is included free with all hosting for WordPress plans at JetHost.

For additional support with Patchstack or WordPress security, our team is here to help you protect your website.

Back to Help

Payment Methods

AS SEEN ON
Trust ReefTrust Reef
AND OVER 500 NEWS SITES

Now it’s your turn.

JetHost review
JetHost review

Hosting Services

Domains

About JetHost

Head to Head

Resources

2024-2026 ©Jet Host. All Rights Reserved.