Jetpack is acquiring WPScan, a WordPress vulnerability database. WPScan is used across the WordPress ecosystem to learn about new vulnerabilities to WordPress core, themes, and plugins.
WPScan started as a simple Ruby script in 2011 to help identify vulnerabilities in self-hosted WordPress websites. The simple script matured into a large software project and gained popularity amongst the security and WordPress communities.
Vulnerabilities are sourced from around the web, as well as security researchers from both the community and WPScan. In 2021, WPScan was able to double the amount of vulnerabilities added to the database compared to 2020. In total, it has cataloged more than 23,000 WordPress vulnerabilities over the last 10 years.
“Automattic has sponsored WPScan for years,” says Steve Seear, Jetpack Product Engineering Lead at Automattic. “Not only are we big fans of their work — we actually use it to help power Jetpack Scan.
Besides creating an outstanding security offering, our goal for this acquisition is to make malware data and APIs more open source. We want to ensure that WPScan continues to be a high-quality security resource for the entire WordPress community. To that effect, we’ll be exploring ways to make the API completely free for non-commercial sites.”
As part of the acquisition, two of the WPScan founders, Ryan Dewhurst and Erwan Le Rousseau, will be joining Automattic to continue their work improving security for the WordPress ecosystem. WPScan will continue to operate independently in the near term and may be integrated into Jetpack Scan in the future.
“We’re extremely proud of building WPScan over the last ten years. Automattic has always been a great partner, and we can’t wait to start working more closely together so we can take WPScan to the next level. I’m really excited about working on making our WordPress vulnerability database more open and accessible to the community,“ said Ryan Dewhurst, WPScan founder.
Current WPScan customers won’t be impacted by the acquisition in the near-term and will receive the same high-quality WordPress security service they’ve come to expect.