Please be more specific in the FAQ about the data sent to you

Sorry for the slow reply @snippet24 , I will help clarify this for you now and someone will update the FAQ soon.

The plugin collects the full name, slug, current version, new version (if any), and type (plugin, theme or core). This information is needed to cross check the database of known vulnerabilities and provide alerts if insecure versions are identified.

I hope this helps.

Thank you! Well honestly I do mind sharing that info, for example Scucuri doesn’t collect any info at all which is one of the major reasons I use it in all my websites. I mention this only to consider doing the same but without sending / collecting that data. I’m not expert there but if Sucuri can provide their scanning features without collecting any data, you should be able to do so as well.

We take your privacy seriously. For free plugin users without an API key, no information is collected by Sucuri. After activating an API key, Sucuri will store some information, such as logs. Please see our Terms of Service and Privacy Policy. Please email [email protected] if you have other questions about your privacy.

Sucuri and the Patchstack plugin have two different focuses when it comes to security.

Sucuri’s main focus is scanning all of your sites files for indicators of compromise. (plus additional misc security features.) This means the protection comes after a hack.

Patchstack notifies site owners when they are running known insecure components. (plus additional misc security features) This means the site owner can secure their sites before the compromise ever takes place.

Patchstack does not perform malware scanning, and Sucuri does not perform vulnerability notifications. This is why I mentioned in your other post that the two plugins should not conflict, in fact if anything, they may work very well together.

• This reply was modified 2 years ago by rawrly.

Okey but can’t Patchstack just load the database locally and then compare against the local info?

How it is currently designed is the more performant solution.

Having thousands (hopefully millions soon) of websites each downloading an entire database of vulnerable components and their versions, loading that database into memory on each site, then doing a check … that is a lot of redundant resource overhead (e.g.. will cause performance issues, wasting memory and resources on the website’s servers). This is why we collect just the current running versions of software and do the check on the remote side. This is one of the reasons our plugin’s resource usage is the lowest of all major WP security plugins.

I understand you have concerns about the collection of data, but Patchstack is being honest that your site needs to tell us what software name and versions they are running so we can efficiently cross reference our database of known vulnerabilities.

By doing so we can help people prevent avoidable hacks on their WordPress websites. Our goal is to make WordPress sites more secure in the first place.

How it is currently designed is the more performant solution.

Okey understood thank you for explaining, marking as resolved as well ??