SiteLock Acquires Patchman’s Malware and Vulnerability Detection Technology, Expands WordPress Customer Base to 4 Million

SiteLock, a website security company, has acquired Patchman, a Dutch security startup that offers automated vulnerability patching and malware removal for hosting providers. Prior to the acquisition SiteLock protected 6 million sites, with 2.2 million of them running on WordPress. The addition of Patchman extends SiteLock’s customer base to 12 million sites and more than 4 million of those are powered by WordPress.

Patchman detects vulnerabilities in a wide range of popular applications and quarantines and patches threats automatically. The quarantine feature neutralizes malicious files by removing them from public access. Patchman supports detection and patching for WordPress 3.x and later.

Historically, the service has not included patches for plugins but it has applied them on a case-by-case basis for high impact vulnerabilities, including a few found in WP Super Cache, MailPoet, and the open source Genericons font project. The Patchman dashboard allows users to easily track files where vulnerabilities have been detected, view status, and revert patches if necessary.

Patchman’s single focus on hosting providers gives SiteLock the opportunity to offer more options to its hosting partners. With the acquisition, the company is now partering with more than 500 hosting providers, including BlueHost, 1&1,, InMotion, Melbourne IT, GMO (NTT), and many others.

“During our early talks, Patchman was not looking to be acquired and SiteLock wasn’t looking to acquire,” SiteLock President Neill Feather said. After meeting at the WorldHostingDays show in Rust, Germany in late March this year and at another show in Los Angeles, the companies found they shared similar goals and would be in a better position working together.

“It truly was a matter of 1+1=3,” Feather said. “Traditionally, SiteLock is very strong in detecting and removing malware for end users. Patchman offers a service tailored specifically to hosting providers and aimed at fixing the security vulnerabilities that hackers exploit to infect websites with malware. By working together we are able to address a wider market and offer a broader solution to the problems that we solve for our customers. We can now attack the problem from multiple angles.”

Patchman’s technology will compliment SiteLock’s existing security features but the company has not yet decided how it will be incorporated into its security plans for customers. Feather said the team is still jointly building out its future roadmap to give hosts and end customers access to a wider range of products. They are also considering making Patchman’s detection technology compatible with more products in the WordPress ecosystem.

Feather could not disclose any specifics on revenue generated by SiteLock’s WordPress security products but approximately 30% of its newly expanded customer base is running on WordPress.

“What we can say is that we’re heavily invested in the WordPress community and plan on continuing to do so,” Feather said.

“I’m excited that the increased number of sites we now protect across multiple platforms means we’ll be able to identify malware and malicious trends more efficiently than we’ve been able to already, and that’s good for every end user,” SiteLock’s WordPress Evangelist Adam Warner said. “Secondly, although we already have solutions for our partners, Patchman allows web hosts to offer increased security options for advanced users of their platforms. Being a WordPress guy, I’m excited about the possibility we now have to extend the capabilities of Patchman to plugins and other WordPress-specific software.”


8 responses to “SiteLock Acquires Patchman’s Malware and Vulnerability Detection Technology, Expands WordPress Customer Base to 4 Million”

  1. You make a big point of how many websites SiteLock is supposed to be protecting, but from what we have heard it sounds like a lot of their customers have been given some free SiteLock service, which they may not even be aware of, with their hosting account. It seems the purpose of that is so that SiteLock has a relationship with them that they can use to cold call them. Were you given any indication of how many of the websites they are supposed to be protecting are paying for the service and what kind of service they are getting, since a lot of their services don’t seem to offer much, if any, protection?

    Also, websites running WordPress 3.7 or above would normally get security vulnerabilities in WordPress patched automatically without requiring any additional service due to the automatic background updates feature in WordPress.

  2. @WhiteFirDesign Not all WordPress security issues are in core or can even be dealt with just by updating WordPress. On a poorly configured server or install, even the latest version of WordPress won’t help you. It’s easy to make just a small slip and end up with an unwittingly vulnerable site. Or two tiny slips combined. A server side monitoring tool checking automatically that your laces are tied is a boon.

    A cheap and efficient security monitoring service applied at the host level is exactly the sort of service which can benefit from economy of scale. With Sucuri aiming for $30/month per site, more entrants in the server side security market are most welcome.

    PS. Paul Goodchild of iControlWP is running a launch special for his new Shield Central service (you control security settings for all your websites from a single dashboard – hurray no more logging into dozens of WordPress sites to set or alter security settings). Existing iControlWP clients will be grandfathered with free Shield Central. We’re happy ManageWP users so we can’t take advantage of the offer but it’s a good one.

    • Right solution would be not to use “poorly configured server”. So instead of investing 30$ to Sucuri, it’s much smarter to invest that money to the correct and secure server setup. If the server setup is not secure, no any plugin, service or add-on will help you. For example if somebody can get your root access, you can have anything installed on your server, whole security team in the house, one line of code can delete everything forever ;)

    • We are familiar that updating WordPress doesn’t take care of all the security issues around WordPress, we run a service for helping to protect against vulnerable plugins, but what PatchMan does for WordPress is already done by WordPress and that is important to note.

      Sucuri is owned by a web hosting company, GoDaddy, that we have seen numerous security issues with, including those that have lead to websites being hacked in the not too distant past. So they don’t seem like the best people to be providing server level security services. SiteLock’s owners also run a major web hosting company, the Endurance International Group, that also has had issues in their handling of security, possibly recently leading to websites being hacked. It seems like it would be better for web hosts to focus on providing a secure environment to their customer instead of selling additional security services, which are not necessarily going to provide real protection, under a different name as they are doing now.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: