# Patchman
# Introduction
Patchman is a powerful, automated security solution developed to protect Linux-based shared hosting environments. It’s designed with web hosts in mind, helping them secure customer websites by detecting and patching vulnerabilities, removing malware, and keeping systems clean with minimal manual intervention.
Patchman continuously scans for known vulnerabilities in popular Content Management Systems (CMS) such as WordPress, Joomla, and Drupal. It applies virtual patches to vulnerable files without modifying core functionality or interrupting the user experience, making it an ideal solution for maintaining secure and stable hosting platforms.
Key Features
Automatic Vulnerability Detection: Identifies security flaws in popular CMS platforms and third-party plugins.
Virtual Patching: Applies lightweight, non-intrusive patches to vulnerable files, reducing the risk of exploitation without requiring full upgrades.
Malware Detection and Quarantine: Scans websites for malware and isolates infected files to prevent further damage or spread.
Outdated Software Detection: Notifies administrators and users about outdated CMS installations and plugins to encourage timely updates.
Automated Cleanup: Removes known malware patterns and reintegrates cleaned files into the hosting environment.
User Notifications: Sends customizable alerts to end users, prompting action when needed (e.g., outdated software or detected threats).
Seamless Integration: Compatible with major hosting control panels, including cPanel, Plesk, and DirectAdmin, for easy deployment and management.
Patchman helps reduce support requests related to malware infections and outdated software, improves server reputation, and enhances customer trust. It’s a low-maintenance, high-impact solution that fits seamlessly into modern web hosting operations.
Getting started
Frequently Asked Questions
- Which applications does Patchman detect and fix?
- What does the error "Registration key required but not present!" mean?
- How do I report an incorrect detection / false positive?
- I'm changing my server's IP address. How do I make sure Patchman knows this?
- Can you notify me every time a new vulnerability patch is released?
- Does the Patchman Portal have an API I can leverage for deeper integration?
- What is Patchman CLEAN, and how do I enable & configure it?
- What IP addresses does the Patchman agent connect to?
- What are the minimal requirements for running Patchman?
- Why is a NAT environment not supported?
- Why is vulnerability X not fixed by Patchman?
- Why is plugin X not patched by Patchman?
- How do I interpret the statistics shown on the Portal Dashboard?
- How do I enable / manage access to the Patchman portal for my hosting customers?
- Why was my card declined with the reason "the transaction requires authentication"?
- Real-time scanning, what is it and how do I configure it?
Policies
- Policy notification settings
- Policy applicability
- Email template editing
- Setting operational hours
- Modifications to server groups and policies
Portal
- What permissions do the different user roles have?
- What are the minimum browser requirements for the Patchman Portal?
- Reporting malware to Patchman
- Detection states and actions
- Organization identifier
- Status page subscriptions
- Control panel user level equivalents
Agent (patchman-client)
- Where can I find the software changelog?
- Tuning the Patchman agent
- Multi-threaded scanning, what is it and how do I configure it?
- Multi-threaded scanning, what is it and how do I configure it?
- How do automatic agent updates work?
- Updating the Patchman agent
- Uninstalling the Patchman agent
Platform Integrations
