Patchstack’s marketing makes their service sound really impressive. Take this claim from their homepage:
Be notified instantly when there is a new security vulnerability present on any of your sites. Patchstack monitors security of all WordPress core, plugin and theme versions in real-time.
If they really had the capability to do that, then vulnerabilities in WordPress plugins should be a thing of the past. But they are not, so what is really going on? What Patchstack’s service actually does is check if the version of a plugin installed on a website contains a publicly known vulnerability that is in a database they compile. That means they you are not going to be instantly warned about vulnerabilities. But at least they are doing “real-time” monitoring so they can quickly warn about them? No. As an example of that, we noted last year that Patchstack had failed to warn about a vulnerability two weeks after the developer had disclosed they had fixed. Even months later, they still hadn’t warned their customers about that.
Being the first to warn about a vulnerability isn’t even very valuable if you are claiming the vulnerability has been fixed when it hasn’t. Going back to Patchstacks marketing, that shouldn’t be an issue with them:
Hand curated, verified and enriched vulnerability information by Patchstack security experts.
In reality, we keep finding they are not doing that verification, which in one recent instance led to many websites getting hacked unnecessarily.
So, yeah, Patchstack lies a lot, and the results for their customers are not good. So what is the best alternative? The problem is that lots of the other options are run by people that like Patchstack are promising amazing results and not even attempting to deliver those results. It’s why the security industry does such a bad job. With our Plugin Vulnerabilities service, we actually do the work we promise and that leads to better security for our customers. Unlike Patchstack and many other WordPress security services, our is a Certified WP Security service, so you can be assured that it delivers the promised results.