Patch & Protect: What it is and how to enable it
Patch & Protect is Modular DS’s security hardening add-on, powered by Patchstack, the leading security company in WordPress.
It provides advanced protection for your WordPress sites by applying virtual patches (mitigation rules) and hardening rules that block known vulnerabilities and common attack methods.
It’s available for $2.25/month per site on PRO plans, and you can activate it anytime from each website’s Health & Security section.
Here’s what it does and how to enable it in a few clicks.
What does Patch & Protect do?
When enabled, Patch & Protect installs a lightweight helper plugin (powered by Patchstack) that improves your site’s security with:
- Virtual patching of vulnerabilities in plugins, themes, and WordPress core as soon as they are detected, even before the official update that fixes them is released. Virtual patching issues mitigation rules that block attacks without changing your website code.
- Security hardening rules that disable or hide common WordPress features and configurations that are often exploited by bots or attackers.
Best of all, it does it without slowing down your site or requiring complex setup.
Key features
Here’s a quick overview of all the security features Patch & Protect includes:
- Virtual patching firewall: Blocks known vulnerabilities in WordPress core, plugins, and themes, as well as common attack vectors.
- Disable theme/file editors: Removes built‑in editors from the WordPress admin.
- Hide WordPress version information: Hides WordPress version metadata from your code.
- Block access to readme.txt: Prevents this file from being targeted.
- Disable user enumeration: Stops attackers from discovering usernames.
- Restrict XML‑RPC access: Allows XML‑RPC only for authenticated users.
- Add security headers: Adds headers like X‑Frame‑Options and X‑XSS‑Protection.
- Block access to debug/config files: Prevents exposure of sensitive files like debug.log or sample configuration files.
- Disable index views: Blocks directory listing.
- Block proxy comment posting: Disables comments submitted via third‑party services.
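Several of the hardening items above are visible in unauthenticated GET responses, so they can be spot-checked after activation. The following is an added example, not Modular DS or Patchstack code; the file paths, the example-plugin slug, the rule that any non-200 status counts as blocked, and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumed paths: the page names the files but not their locations; these are
# WordPress defaults plus a constructed plugin slug.
SENSITIVE = ["/wp-content/debug.log", "/wp-config-sample.php",
             "/wp-content/plugins/example-plugin/readme.txt"]
HEADERS = ["x-frame-options", "x-xss-protection"]  # the two headers the page lists

def audit(fetch):
    """fetch(path) -> (status, headers dict, body str). Returns a list of gaps."""
    gaps = []
    _, headers, body = fetch("/")
    present = {k.lower() for k in headers}
    gaps += [f"missing header: {h}" for h in HEADERS if h not in present]
    if re.search(r'<meta[^>]+name=["\']generator["\'][^>]+WordPress', body, re.I):
        gaps.append("generator meta tag exposes WordPress version")
    for path in SENSITIVE:
        # Assumption: a blocked file answers with anything other than 200.
        if fetch(path)[0] == 200:
            gaps.append(f"readable: {path}")
    status, _, body = fetch("/wp-content/uploads/")
    if status == 200 and "Index of /" in body:
        gaps.append("directory listing enabled: /wp-content/uploads/")
    status, headers, _ = fetch("/?author=1")
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status in (301, 302) and "/author/" in location:
        gaps.append("user enumeration: author redirect reveals a username")
    return gaps

def make_fetch(table):  # replays constructed responses; use a real HTTP client live
    return lambda path: table.get(path, (404, {}, ""))

# Constructed sample responses, not captured from any real site.
UNHARDENED = make_fetch({
    "/": (200, {"Content-Type": "text/html"},
          '<meta name="generator" content="WordPress 6.0" />'),
    "/wp-content/debug.log": (200, {}, "PHP Notice: ..."),
    "/wp-content/uploads/": (200, {}, "<title>Index of /wp-content/uploads</title>"),
    "/?author=1": (301, {"Location": "/author/admin/"}, ""),
})
HARDENED = make_fetch({
    "/": (200, {"X-Frame-Options": "SAMEORIGIN", "X-XSS-Protection": "1; mode=block"},
          "<html><head></head></html>"),
    **{p: (403, {}, "") for p in SENSITIVE + ["/wp-content/uploads/", "/?author=1"]},
})

if __name__ == "__main__":
    for name, fetch in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, audit(fetch))
```

XML-RPC restriction, the file editors and proxy comment blocking are not covered here because they cannot be judged from a plain unauthenticated GET.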
How to enable Patch & Protect
- In Modular DS, open the Health & Security section of the site where you want to enable it.

- In any of the tabs, click Activate Patch & Protect Add‑on and confirm activation.

- Once enabled, Modular DS will automatically install the Patchstack helper plugin and apply all relevant security rules immediately.
You will start to see information in the reports under the Patch & Protect tab, including:
- Blocked attacks and threat statistics.
- Top IPs where attacks originate.
- Most common attack types targeting your site.

Frequently asked questions
Does Patch & Protect modify my site’s code?
No. It blocks malicious traffic at runtime. Your site’s files remain untouched.
Will Patch & Protect slow down my website?
Not at all. Patch & Protect is lightweight, doesn’t scan or alter files, and runs only when necessary. Performance impact is effectively zero.
What’s the difference between the Patch & Protect add-on and a security plugin?
Most traditional security plugins focus on detection, performing malware scans, file integrity checks, etc. Although some of their features can be useful within a security strategy, they often have significant limitations, like performance and database overload or false positives, and are not enough to protect your sites.
Patch & Protect focuses on mitigation and runs at the PHP level to silently block known exploits before they can be executed, without heavy background scans or manual configuration.
What is virtual patching and why is it important?
Virtual patching acts as a temporary shield that blocks known exploits even before you can apply updates. The mitigation rules ensure your site remains protected at all times.
Can I use the Patch & Protect add-on with other security tools or hosting firewalls?
Yes. Patch & Protect is compatible with hosting‑level firewalls, monitoring tools, and even other plugins if needed.
What happens if I disable the add‑on?
If you disable Patch & Protect, all virtual patches (mitigation rules) and hardening measures are removed, and the helper plugin is uninstalled. You can re‑enable it anytime, and protections will instantly resume.
We strongly recommend enabling Patch & Protect, especially on your most critical or high-traffic sites, where uptime, reputation, and data integrity matter most, since it is one of the easiest ways to strengthen your WordPress security.
Updated on: 30/10/2025
