Patchstack & GoDaddy add WordPress vulnerability detection

Patchstack has partnered with GoDaddy to bring its vulnerability detection to eligible GoDaddy Managed WordPress users. The integration is now live across the hosting platform.

The move comes as WordPress security issues continue to rise. More than 11,000 vulnerabilities were disclosed across the ecosystem in 2025, up 42% year on year, according to Patchstack, while heavily targeted flaws were often exploited within hours of disclosure.

GoDaddy is adding Patchstack's detection to its existing Managed WordPress environment. The service gives customers visibility into vulnerabilities affecting their websites as those issues are disclosed, without requiring separate tools, the companies said.

Patchstack's research found that the median time to mass exploitation for heavily targeted vulnerabilities was five hours. That narrow window has increased pressure on hosting providers and website operators to identify exposed sites quickly.

The Estonian company has built its business around vulnerability intelligence for the WordPress ecosystem and other open-source software. It said its Patchstack Alliance has grown into one of the largest ethical hacker communities focused on open-source vulnerabilities and that it now acts as the world's largest CVE Numbering Authority, coordinating more than 4,500 vulnerabilities in 2025 alone.

Rising pressure

The partnership reflects broader concern in the hosting and website security market over how quickly attackers can exploit newly disclosed flaws. Hosting security tools have often focused on identifying threats after a compromise or applying broad protections across large volumes of traffic.

Patchstack and GoDaddy said the new arrangement is designed to give users more specific insight into the vulnerabilities present on individual websites. Premium plans can also include Patchstack's RapidMitigate technology, which applies protection rules based on the vulnerabilities identified on a site.

According to Patchstack, these rules can often be applied shortly after disclosure and before a vulnerability is widely exploited. It contrasted that approach with generic, pattern-based defences that may be less effective against targeted exploitation.

Oliver Sild, Chief Executive Officer and Co-Founder of Patchstack, linked the change in attack patterns to attackers' use of artificial intelligence.

"AI is accelerating how quickly attackers can find and exploit vulnerabilities. Most traditional security approaches are still reactive and rely on generic protections, which can leave gaps at the point where vulnerabilities are actually exploited. Security needs to move away from a 'spray and pray' approach toward precise, website-level protection applied where it's actually needed. That's what this integration with GoDaddy enables at scale," said Oliver Sild, Chief Executive Officer and Co-Founder of Patchstack.

GoDaddy framed the partnership as part of its role as a managed hosting provider for smaller businesses that may not have dedicated security teams. It said the aim was to add vulnerability-specific detection at the hosting layer rather than requiring customers to source separate security services.

Hosting layer

The companies said attackers are becoming more systematic, using automation and AI to increase the speed and volume of attacks. At the same time, AI-assisted software development is contributing to a larger pool of vulnerabilities entering the market, according to Patchstack.

That combination has raised the stakes for WordPress users, particularly smaller organisations that rely on managed services to maintain and secure their sites. WordPress remains one of the world's most widely used content management systems, making its plugin and theme ecosystem a frequent target for attackers.

Patchstack's growth has tracked that demand. The company said it began as a small idea shared on Reddit before expanding into a vulnerability intelligence platform focused on the WordPress ecosystem.

Its community-led model centres on working with ethical hackers and open-source developers to disclose and coordinate vulnerabilities. That has helped the company establish a role not only in detection and mitigation but also in reporting and cataloguing software flaws.

For GoDaddy, the partnership adds a security feature to a large installed base of WordPress customers. Eligible Managed WordPress users now have automatic vulnerability detection inside the hosting environment, the company said.

Shwetal Covert, Director of Product Management at GoDaddy, said managed hosting providers have a growing responsibility as the pace of exploitation increases.

"Small businesses shouldn't need to navigate website security on their own. As vulnerabilities are disclosed and exploited faster, managed hosting providers have an important role to play in helping customers manage that risk. Integrating Patchstack's detection into every GoDaddy Managed WordPress website adds a layer of protection with vulnerability-specific detection within the hosting environment," said Shwetal Covert, Director of Product Management at GoDaddy.