This article applies to the use Patchman if you have a cPanel based shared hosting

How does Patchman Works

Patchman is an automatic malware detection and patching tool, developed to protect CMS websites, like WordPress, Joomla and Drupal. With cybercriminals actively exploiting vulnerabilities in these popular platforms, website owners can benefit immensely from Patchman. The tool detects vulnerabilities, alerts the user and if the user does not take action themselves, automatically patches the vulnerabilities on the users’ behalf.

If a vulnerability, malware or outdated application is detected Patchman will take the following action:

Vulnerability Detection

  • Detection (Immediate):  On detection of a vulnerability Patchman will immediately notify you.
  • Reminder (5 Days):  If after 5 days you have not resolved the vulnerability (usually by upgrading your application) a further reminder will be sent.
  • Patch (10 Days): If after 10 days the vulnerability is still not resolved Patchman will automatically patch the affected file(s).

Important: Patchman does not update your application but instead patches specific security vulnerabilities by backporting patches from newer versions. It is always preferable to upgrade your application where possible.

Note: If you don’t want Patchman to automatically patch a vulnerability you can select the file(s) and from the Bulk actions menu select Block. See User Actions

Malware Detection

  • Quarantine (Immediate):  On detection of malware Patchman will immediately quarantine the malware files and notify you.
  • Deletion (5 Days): Ater 5 days Patchman will delete the quarantined files.

Outdated Applications

  • Detection (Immediate): On detection of an outdated application Patchman will immediately notify you by email.
  • Reminder (5 Days):  If after 5 days you have not updated your application a further reminder will be sent.

Accessing Patchman

  1. Log into cPanel
  2. Scroll to the Advanced section and click on the Patchman icon.
  3. After clicking the Patchman icon, the Patchman dashboard opens.

Updating your Notification Email

By default, Patchman will use the email address configured within cPanel for notifications, if you wish to use an alternative address(es) you can configure them as follows:

  1. Click Change Settings
  2. Enter your email address (you can use commas to add multiple addresses)
  3. Click Submit

Using the Patchman dashboard

The following provides an overview of the main dashboard features.

  • Detected Applications: This displays a list of all detected applications and checks whether they are outdated or not. To access this, click on Applications (Patchman-> Applications icon)
  • Perform scan: You can run a scan manually by clicking on Perform Scan (Patchman -> Perform Scan icon) . Patchman will run a scan of your account.
  • Detected items actions: All the detected vulnerabilities appear in a list containing the detection date, status, description as well as the vulnerability path. There is an Actions icon that you can click for every vulnerability. Click this to see the available actions and to carry them out.

User Actions

When a vulnerability or malware is detected you can perform one or more of the following actions against the detected file or a group of files using the Bulk actions menu.

  • Block: Blocks all automatic tasks (useful if you do not want a file(s) to be automatically patched)
  • Unblock: Resumes automatic tasks that have previously been blocked.
  • Patch / Quarantine / Clean: Context dependent, if a vulnerability it will path the fil, if malware quarantine it and if an infected file cleans it.
  • Reverse: Reverses a patch, quarantine or clean action thus restoring the file back to how it originally was.

If an unforeseen event occurs, for example, if a patch affects your website’s functionality, you can click on Undo patch within the Actions (or Reverse under Bulk actions). This helps undo the patch until you find out its root cause. To re-apply the patch, go to Actions -> Patch (or Patch/Quarantine under Bulk actions).