Security doesn’t stand still, and neither should the hosting industry.
Welcome to the February 2026 WebHosting.Today Monthly Security Update, created in partnership with our trusted security sponsors, Monarx and Patchstack. Together, we’re delivering practical threat intelligence, real-world insights, and clear guidance for hosting providers, agencies, and WordPress professionals navigating today’s evolving risk landscape.
No hype, no noise, just frontline expertise and the actions that matter right now to keep modern hosting environments secure.
Patchstack’s 2026 WordPress Security Report Highlights Increase in Threats, Growing Gap in Hosting Defences
New research from Patchstack points to a widening disconnect between the growth of high-risk WordPress vulnerabilities, faster exploit weaponization and the ability of web hosting providers to defend against them.
The State of WordPress Security in 2026 whitepaper found that highly exploitable vulnerabilities increased 113% year-over-year, with more high-severity flaws discovered in 2025 than in the previous two years combined.
Penetration testing conducted across major hosting providers found that traditional defences, including custom WAFs and third-party suites, blocked just 26% of vulnerability attacks.
The Patchstack team also reports the median time to mass attack campaigns against highly exploitable vulnerabilities was just five hours, meaning manual patching processes offer little realistic protection.
The report, produced in partnership with server-level malware detection firm Monarx, also identifies a strategic shift in attacker behaviour. Rather than one-off compromises, attackers are increasingly deploying persistent infrastructure – including memory-resident malware that reinfects sites after cleanup – making remediation significantly more complex.
The findings suggest that for the majority of hosted WordPress sites, the current security stack was not built for the speed or nature of modern WordPress-specific attacks.
Revealing the Threats Hitting Hosting Providers — Monarx 2025 Insights
Monarx joined PatchStack this year to expand the analysis of 2025’s hosting threat landscape. Monarx’s 2025 Security Landscape Report offers an industrial scale view of modern hosting threats and shifting attacker tactics, and it contains some striking numbers.
In 2025 Monarx’s cloud processed nearly 9 trillion file signals, ran over 500 billion real time analyses and classified more than 8 billion unique files. It also discovered 100+ million previously undocumented malware cases. During the year Monarx remediated over 2 billion infections and preemptively terminated more than 3 billion malicious runtime operations, numbers that underscore both the scale of attacks and the importance of automated, surgical remediation over “delete only” approaches.
The scope of data analyzed enabled the Monarx team to reveal clear behavioral shifts:
- Adware remained the most common baseline threat.
- Attackers pivoted to persistent uploader scripts, a near doubling in June 2025 that stayed elevated thereafter.
- Increased use of process and memory resident families (for example, Lock360) that automatically reinfect servers and defeat naive cleanup.
- Pronounced Q4 “holiday spike” in malicious file detections, showing why signature only defenses and slow manual workflows are increasingly ineffective against fast, persistent campaigns.
What this means for hosting providers: these findings suggest defenders should add real‑time behavioral detection, targeted remediation, and automated runtime protection to reduce reinfection and preserve uptime during busy periods. Monarx’s report indicates hosting security should move beyond reactive scanning toward continuous, server‑level prevention and cleanup. If you’re a hosting company attending CloudFest, consider our free security assessment to evaluate your current defenses.
