“What were the hardest vulnerabilities and exploits to protect against?”

You might expect it to be the most dangerous one. It’s not.

One of the hardest to defend against is cross-site request forgery (CSRF), and the reason has nothing to do with complexity. It’s the tradeoff.

CSRF attacks often look like normal user behavior:
– clicking a link
– being redirected
– triggering an action on a site

From a system’s perspective, that can be indistinguishable from legitimate use. So if you try to block it aggressively, you run into a problem: You trigger a bunch of false positives & start breaking real functionality.

That’s why even strong security setups can't always fully block CSRF. The cost of getting it wrong is too high.

Watch the full conversation or get the details from our study (link in comments 💬)
Patchstack
Computer and Network Security
Parnu, Province / State 6,563 followers
Patchstack helps web developers to easily secure web apps from third-party component vulnerabilities.
About us
Patchstack is the leader in open source software vulnerability intelligence, covering the entire lifecycle from detection to mitigation.
- Website: https://patchstack.com
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: Parnu, Province / State
- Type: Privately Held
- Founded: 2021
- Specialties: Website Security, Website Monitoring, Web Application Security, Web Application Monitoring, Cyber Security, Cyber Security Platform, Web Security Platform, and Website Security Platform
Locations
- Primary: Akadeemia 1, Forwardspace, 1, Parnu, Province / State 80011, EE
Updates
-
“Just add more firewall rules.”

For generic attacks? Sure, patterns exist.

For vulnerabilities in the application layer? Every line of code introduces its own logic, its own edge cases, and therefore (if vulnerable), its own exploit paths.

This means:
1) You can't simply deploy a network-level WAF with generic rules and call it a day.
2) There is no shortcut to protection with some extra firewall rules (even if "some" = some unfathomable number).

Watch the full breakdown … (link in the comments 💬)
-
We tested a wide variety of hosting providers. Big names, smaller players, and hosts with very different approaches to security. But even with that mix, one pattern stood out.

The hosts investing the most in security marketing… often didn’t perform any better.

In one case, a provider led with bold claims around “secure WordPress hosting.” Huge headline at the top of the page, but once you scrolled, the details told a different story:
– how their servers are secured
– how the infrastructure is hardened
– how the environment is isolated

All of which are valid and useful, but none of that actually secures your application layer.

Watch the full breakdown … (link in the comments 💬)
-
We got down to a *lot* this year at CloudFest 👀 Here's a recap:
⚡ 62 people tattooed at our booth!
📢 5+ talks given by Oliver Sild (in one day!)
🎤 2 Patchstack MCs running stages (Lana Rafaela & Siobhan McKeown)
🥷 95 hackers joined our onsite CTF
🚩 Hundreds* more attended the Hackerspace event (*=still counting!)
💰 1750 EUR paid out in CTF rewards!
☹️ 3 total room keys lost by our team (RIP)
-
Most hosts advertise "secure WordPress hosting."

In August of last year, we published our first study into how "secure" WordPress hosting really is. It turned out 87.8% of vulnerabilities bypassed hosting defenses.

Then, we followed up that study with a second edition earlier this year. We tested 18 hosting providers, and 74% of attacks went straight through.

We published the full breakdown of the study: methodology, results, and which vulnerability types got through with the help of independent researchers Kevin Ohashi and Konrad Keck.

In this Q&A (recorded as we were finalizing the 2nd study), Mart Virkus joins Chazz Wolcott to answer questions about the study you'll want to hear the answers to.
- Why can't regular WAFs just keep adding firewall rules?
- What makes WordPress-specific vulnerabilities so hard to block?
- And more...

Watch the full Q&A ... (link in the comments 💬)
-
ICYMI 💡 - our Head of Marketing Mart Virkus sat down with Monarx and Servebolt to talk about the bleeding edge of cybersecurity of hosting.

Listen to the Open Channels special CloudFest episode to learn:
✅ How AI is transforming the WordPress threat landscape
✅ Why "layered defence" is now the *only* solution against attackers
✅ What attackers actually do once they gain access to your sites
✅ How can hosts balance security & performance

👆 With attackers now exploiting new vulnerabilities within hours of disclosure, this episode is a must-listen for anyone looking to prepare their stacks for the rapidly evolving cybersec landscape!

In this episode, join host Adam Weeks as he sits down under the big top at CloudFest with three industry leaders—Andrew Killen, CTO of Servebolt; Aaron Campbell, VP of Product at Monarx; and Mart Virkus, Head of Marketing at Patchstack. The conversation leads into how hosting and security companies are collaborating to tackle the ever-evolving landscape of cyber threats. https://lnkd.in/dA_ki5Me
-
Security built into your existing workflow. ✅️ That's how Manage by Elementor integrates Patchstack. Learn more about our partnership: https://lnkd.in/du-mK-SW
-
Oliver Sild has officially lost his tattoo virginity here at CloudFest 😎 What do you think he got tattooed?
-
😈 Yup, you got that right — REAL tattoos at our CloudFest booth this time. We keep your security painless… but the tattoos, not so much. Feeling brave? We’re here today and tomorrow. #NoRagrets
-
Day 1 at CloudFest was a blast and we’re all ready for the second day ⚡️ PS! There’s something special happening today in our booth so if you’re at CloudFest, drop by! 👀
