Automattic's Jetpack (opens in new tab)has announced that it will acquire the popular WordPress (opens in new tab) vulnerability database WPScan for an undisclosed sum.
Although WPScan started out as a simple Ruby (opens in new tab) script to help identify vulnerabilities in self-hosted WordPress sites back in 2011, over the years its database has become a security tool used across the entire WordPress ecosystem.
Today both security researchers and WordPress communities use WPScan's database to learn about new vulnerabilities in WordPress themes (opens in new tab), WordPress plugins (opens in new tab) and even WordPress core. Vulnerabilities are sourced from across the web and over the last 10 years, the company has cataloged over 23,000 WordPress vulnerabilities.
In addition to sponsoring WPScan for years, Automattic (opens in new tab) relies on its vulnerability database to help power Jetpack Scan.
A resource for the WordPress community
Besides creating an outstanding security offering, Automattic's goal for its acquisition of WPScan is to make malware (opens in new tab) data and APIs more open source.
At the same time, the company wants to ensure that WPScan remains a high-quality security resource for the entire WordPress community which is why it is exploring ways to make the API completely free for non-commercial sites according to Jetpack Product Engineering Lead at Automattic, Steve Seear.
As part of the acquisition, two of WPScan's founders, Ryan Dewhurst and Erwan Le Rousseau, will be joining Automattic to continue their work of improving security across the entire WordPress ecosystem. Once the deal has closed, WPScan will continue to operate independently in the near term though it may be integrated into Jetpack Scan in the future.
WPScan founder Ryan Dewhurst explained in a press release (opens in new tab) how the acquisition will help take WPScan to the next level, saying:
“We’re extremely proud of building WPScan over the last ten years. Automattic has always been a great partner, and we can’t wait to start working more closely together so we can take WPScan to the next level. I’m really excited about working on making our WordPress vulnerability database more open and accessible to the community.”
We've also featured the best WordPress hosting (opens in new tab), best WordPress security plugins (opens in new tab) and best WordPress website builder (opens in new tab)