How do I get this feature?

Vulnerability protection (also known as virtual patching) is a part of the WP Guardian platform. It requires purchasing a separate license called WP Guardian (cPanel Add-On).

How do I control who gets this feature?

Packages in WHM now include a separate limit for the number of sites that can use vulnerability protection. This limit is set to zero by default to make sure resellers and customers cannot see this feature unless the server administrator wants them to. In other words, only server administrators are able to see this feature and its purchase prompts out of the box. If you want to disable this feature completely (so that even the server admin can’t see it), or if you’d like to configure the upsell links presented in the WHM part of WP Toolkit, do the following:
* Navigate to manage2.cpanel.net and log in,
* Select Update Company Information and scroll down to the Sales Option section
* Change the Purchase WP Guardian (cPanel Add-On) item to Custom Store (which will prompt you to specify your own store URL) or Do Not Sell (which will completely hide the feature).

We hope that the vulnerability protection feature will make millions of WordPress websites managed by WP Toolkit safer, contributing to the overall health of the WordPress ecosystem.

Risk Rank and Vulnerability Filtering: Streamlining Vulnerability Management

You might remember that WP Toolkit v6.3 introduced integration with the Wordfence database. Now site admins around the world could see even more vulnerabilities on their websites! But do you know what’s better than seeing more vulnerabilities on your sites? Feeling the magical bliss from not seeing any pointless ones:
The image above is what site admins will see in v6.4 after installing a fresh copy of WordPress.
The Wordfence database has introduced a number of vulnerabilities in WordPress core unlikely to ever be fixed by the WordPress team. These vulnerabilities are low-risk, theoretical, not-likely-to-be-exploited-ever, and so on. In other words, they were not important enough to really care about, and they weren’t getting a fix any time soon — but since they were present, site admins got vulnerability warnings on basically all WordPress sites without being able to do anything about it. This made vulnerability alerts pointless, since people were quickly getting alert fatigue. There was no way to differentiate between things you should take care of (dangerous or exploited vulnerabilities) and things you could simply ignore (like these low-risk WordPress core vulnerabilities), so people started to just ignore everything. This needed to be fixed, the sooner the better, and we did just that.

So, what did we do and how did we do it?

WP Toolkit v6.3 also introduced the vulnerability filtering feature. It used a user-provided CVSS score threshold to hide vulnerabilities below the specified score. The main problem was that the CVSS rating used for filtering vulnerabilities is difficult to understand for non-tech users (“what number am I supposed to use as a threshold?”) and, without going into details, it does not always accurately reflect the actual severity of WordPress-specific vulnerabilities. We’ve set out to replace CVSS with our own internal Risk rank that’s calculated based on CVSS, EPSS, Patchstack Patch Priority and some other markers.
Our Risk rank does a much better job at reflecting the actual severity of WordPress vulnerabilities, so we’ve switched the filtering from CVSS to Risk rank. We have also enabled this filtering by default, meaning that all vulnerabilities with “low” risk rank will be hidden and ignored after the upgrade to WP Toolkit v6.4. This is how it looks now:

This solution gives a better out-of-the-box experience (no more warnings that your WordPress is vulnerable on a fresh install), doesn’t annoy users, retains the value of the Wordfence database where it’s actually needed (there are some genuine vulnerabilities only present in the Wordfence database at the moment), and leaves the control in the hands of users. And yes, we’ve checked and confirmed that all these “annoying, low-score, won’t be fixed” WordPress core vulnerabilities reported by Wordfence will be correctly filtered out, so unless end-users explicitly disable the filtering, it should be smooth sailing with no distractions from that moment on.

Preinstallation of WordPress & Sets on cPanel: Simplifying Site Provisioning

All cPanel packages now have a package extension with a WP Toolkit option for preinstalling a WordPress site when an account with this package is created. Another option lets you choose which set should be automatically installed together with WordPress. This set will be installed every time a new WordPress site is installed under the corresponding account.
Disclaimer: This feature fully works when used via the GUI, but it might have limited availability via the API for now. We’re working on making it available via the API as soon as possible.

Bug fixes & Improvements: Ensuring a Smooth Experience

WP Toolkit Version 6.4 also includes numerous bug fixes and enhancements born out of user feedback, enhancing overall product stability and performance.

The Road Ahead

Our next stop on the road ahead is improving the performance of WP Toolkit, together with several bug fixes, long-requested features, and further improvements for the upcoming updates. Stay tuned.

Introducing WP Toolkit v6.4: Vulnerability Protection with Patchstack. | cPanel