Automattic takes WordPress security company WPScan under its wing

Jetpack and WPScan
(Image credit: Jetpack)

Automattic's Jetpack has announced that it will acquire the popular WordPress vulnerability database WPScan for an undisclosed sum.

Although WPScan started out as a simple Ruby script to help identify vulnerabilities in self-hosted WordPress sites back in 2011, over the years its database has become a security tool used across the entire WordPress ecosystem.

Today both security researchers and WordPress communities use WPScan's database to learn about new vulnerabilities in WordPress themes, WordPress plugins and even WordPress core. Vulnerabilities are sourced from across the web and over the last 10 years, the company has cataloged over 23,000 WordPress vulnerabilities.

In addition to sponsoring WPScan for years, Automattic relies on its vulnerability database to help power Jetpack Scan.

A resource for the WordPress community

Besides creating an outstanding security offering, Automattic's goal for its acquisition of WPScan is to make malware data and APIs more open source.

At the same time, the company wants to ensure that WPScan remains a high-quality security resource for the entire WordPress community which is why it is exploring ways to make the API completely free for non-commercial sites according to Jetpack Product Engineering Lead at Automattic, Steve Seear.

As part of the acquisition, two of WPScan's founders, Ryan Dewhurst and Erwan Le Rousseau, will be joining Automattic to continue their work of improving security across the entire WordPress ecosystem. Once the deal has closed, WPScan will continue to operate independently in the near term though it may be integrated into Jetpack Scan in the future.

WPScan founder Ryan Dewhurst explained in a press release how the acquisition will help take WPScan to the next level, saying:

“We’re extremely proud of building WPScan over the last ten years. Automattic has always been a great partner, and we can’t wait to start working more closely together so we can take WPScan to the next level. I’m really excited about working on making our WordPress vulnerability database more open and accessible to the community.” 

We've also featured the best WordPress hosting, best WordPress security plugins and best WordPress website builder

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.