Before SiteLock, every critical CMS advisory meant
Before SiteLock, every critical CMS advisory meant a late night fire drill. Now most issues are patched automatically and I can schedule full upgrades when it works for the business.”
VULNERABILITY PATCHING
Fix vulnerabilities in minutes. Undo in one click if needed.
Automatically patch critical CMS vulnerabilities — without waiting on full upgrades. Revert any patch instantly if something breaks
Automatic CMS vulnerability patching
SiteLock’s SMART Patch scan continuously checks your CMS core files, default themes, and supported plugins against known vulnerability signatures and replaces risky versions with safe, patched ones—so you’re protected even if you’re not on the latest release yet.
Broad platform support
Supports leading CMS platforms and popular plugins—including WordPress, Joomla, Drupal, Magento, WooCommerce, PrestaShop, and key WordPress extensions—so you can standardize patching across most of your sites.
Built‑in safety and control
Patched files are stored safely and can be rolled back for a set window, giving you a way to undo changes if something breaks. Choose your automation level—auto-patch, scan-and-alert, or disabled and keep the patching decision in your hands. Full control, zero guesswork.
7,966
new vulnerabilities discovered in 2024 alone
3.13x
more likely to be infected — sites with 20+ plugins vs no plugins
3.27x
WordPress sites more likely to be infected than non-CMS sites
Our clients don’t always upgrade WordPress
Our clients don’t always upgrade WordPress the day a new version drops. SiteLock gives us a safety net so they’re protected while we plan changes properly.
The built‑in rollback gave me the confidence to enable
The built‑in rollback gave me the confidence to enable automatic patching. If a patch ever caused a problem, I know I can revert quickly.
Vulnerability Patching in-depth
Comparison Table
| Vulnerability Detection | |
|---|---|
| Stop chasing every vulnerability manually | SMART Patch scans your plugins, themes, and CMS core files automatically on a schedule, so you are not tracking advisories or remembering to run manual checks. |
| Protect the riskiest parts of your site first | Prioritizes plugins and themes — where the vast majority of new CMS vulnerabilities appear — so the highest-risk components of your site are found and fixed quickly. |
| Close gaps in your CMS core | Scans core files across supported platforms alongside plugins and themes, so critical weaknesses in the CMS itself do not slip through. |
| Know which issues matter most | Matches files against known‑vulnerable versions and classifies issues by type and severity, so you understand what was found and how serious it is |
| Patch Deployment | |
|---|---|
| Move from exposed to protected in one cycle | When vulnerabilities are found, patches are applied in the same run — no extra steps — so there is no window between detection and fix where your site remains exposed. |
| Get the fix without breaking your site | Targets only the vulnerable code instead of forcing full plugin or CMS upgrades, reducing the risk of compatibility issues after patching. |
| Confirm you are safe after every change | Trigger a scan any time after installing a plugin or pushing an update, so you can verify immediately that nothing new introduced a vulnerability. |
| Rollback & Safety | |
|---|---|
| Turn any patch into a one-click undo | Keeps the original file in a secure cache and lets you roll back a patch with a single click if something behaves unexpectedly. |
| See exactly what changed and when | Logs every patch by filename, vulnerability type, patch status, and revert history — so you always have a clear, auditable record of every change made to your site. |
| Know exactly how long you have to revert | Reverts are available for up to 30 days from when the patch was applied, or until the same file is patched again in a subsequent run — whichever comes first. A clear, time-bound guarantee so you know exactly what your safety net covers. |
| Configuration & Control | |
|---|---|
| Fully automated protection when you want it | Auto-patch mode finds and fixes vulnerabilities in the same cycle — shrinking the window attackers have to exploit known issues . |
| Review changes first on sensitive sites | Scan-only mode detects and flags vulnerabilities but waits for your approval before applying any patches — useful for active development environments or any site where you want to review changes before they go live. |
| Pause scanning safely during rebuilds | Scanning can be turned off entirely during a major rebuild or custom development phase. Re-enabling protection is a single setting change once your work is complete. |
| Scan Results & Reporting | |
|---|---|
| Understand every scan at a glance | Each run produces a clear summary — overall status (Verified or Non-Compliant), vulnerabilities found, patches applied, reverts made — so you can see exactly where you stand in seconds. |
| Find the file you care about fast | Searchable results by filename and path show vulnerability type and patch status, making it easy to zero in on specific components |
| Keep a complete audit trail | Full scan history is stored and accessible at any time —so you can look back at what was found and fixed over time for audits or troubleshooting |
| Site Health & Dashboard Integration | |
|---|---|
| See patching impact in your Site Health score | SMART Patch results feed directly into your Site Health score. Unpatched vulnerabilities pull your score toward At Risk or Impaired — and a successful patch run moves it back toward Healthy. One score that reflects the real state of your protection. |
| Always know what to fix first | Outstanding vulnerabilities appear in the Prioritized Security Action Queue alongside issues from other scans — ranked by severity so you know what to address first and why, without having to decide for yourself. |
| Manage everything from one place | SMART Patch sits alongside every other SiteLock scan in a single dashboard — status, last run, next scheduled run, and a Scan Now button all on one screen, with no separate tool or separate login. |
Choose how much SMART Patch does for you.
A reference for exactly what each scan covers, how it scans, and how frequently it runs.
| Mode | What it does | Best for |
|---|---|---|
| Scan and patch automatically | Detects vulnerabilities and applies patches in the same run. No action needed from you. | Most site owners. Maximum protection with minimum effort. |
| Scan but do not patch | Finds vulnerabilities and alerts you. Waits for you to approve before applying any changes. | Developers who want to review changes before they go live. |
| Scanning off | No scanning or patching. Site remains unmonitored for vulnerabilities. Not recommended for live sites. | Active development or staging environments only. |
FAQ
Does SMART Patch update the whole plugin or just the vulnerable code?
Just the vulnerable code. SMART Patch applies targeted fixes to the specific files that contain the weakness — not a full plugin version upgrade. This keeps your site stable and reduces the risk of compatibility issues that can come with major version changes. When you’re ready to do a full version upgrade, you can do that separately on your own schedule.
What happens if a patch breaks something on my site?
You reverse it. Every patch applied by SMART Patch is reversible with one click from your dashboard. You’ll see exactly which files were changed, and a Revert Patch button is always available. No need to restore from backup or contact support — just click and your site goes back to exactly where it was before the patch ran.
What’s the difference between vulnerability patching and malware removal?
Malware removal cleans up an infection after it happens. Vulnerability patching closes the door before attackers get in. Both are important — malware removal deals with active threats, patching prevents future ones. SiteLock 2.0 does both: SMART Patch keeps your vulnerabilities closed, while SMART File Scan and SMART Database Scan handle anything that gets through.
Can I see what was patched and when?
Yes. Every scan produces a full results log — searchable by filename, showing the vulnerability type, patch status, and whether anything was reverted. You also have access to a complete scan history so you can review any previous run at any time.
What if I’m not comfortable with automatic patching?
Switch to scan-only mode. SMART Patch will find vulnerabilities and alert you, but won’t make any changes to your files until you decide to act. You get the detection without the automation — useful if you prefer to review changes before they go live, or if you’re in a period of active development.
Reduce your website security risks
Stop leaving vulnerabilities open. Start patching them automatically.
SiteLock finds weaknesses in your plugins, themes, and CMS core — and patches them automatically, on schedule, with no manual steps. Every change is reversible. Your site stays protected and fully in your control.
