Plesk Official Podcast
Getting Ahead of Site Security with Robert Rowley and Patchstack
Episode Summary
WordPress accounts for over 40% of the web, so security is a big, important topic for site owners. Luckily, both Plesk and Patchstack are dedicated to keeping WordPress sites safe! In this episode, Robert tells us about Patchstack’s global bug bounty program to help fund developers keeping open-source software safe. We also discuss how security ownership is a team effort, from the site owner to the hosting company. Vulnerabilities can happen at any level, so all stakeholders need to be vigilant. Finally, we talk a bit about risk analysis, how to stay on top of patches and vulnerabilities, and what the future of site security looks like.
Episode Notes
Show Notes
Top Takeaways
- Bug Bounty Programs are a way to get developers paid for finding and patching bugs. They are especially important for big, open-source projects like WordPress.
- Patchstack runs a global bug bounty program where they guide and pay developers to find and patch bugs.
- Patchstack also maintains a patch and vulnerability database, which they use to notify site owners of patches to keep their sites safe. And now, Plesk’s WordPress Toolkit integrates directly with Patchstack – meaning customers will automatically get these notifications.
- Site security is a team effort. It’s easy to assume it’s “someone else’s” problem, but the truth is everything from a poor server environment to a weak password can put a site at risk.
- 2-Factor Authentication is an easy way to improve security, even if weak passwords do exist.
- It’s important to patch a vulnerability as soon as a patch is available. If there is no patch, it’s important to do risk analysis. If there’s some other protection (passwords or firewalls), you probably have some time. If not, you may need to change products.
- A lot has changed over the last 20 years in site security, and the current environment favors site owners. However, things can always change.
- More utilities give site owners the power to make moves and keep their sites secure.
- In the future, Web3 and blockchain tech could be used to help secure sites because they are basically public ledgers. The experimentation now will make way for more practical applications.