Jetpack Acquires WordPress Vulnerability Database WPScan

Explore the benefits of Jetpack

Learn how Jetpack can help you protect, speed up, and grow your WordPress site. Get up to 50% off your first year.

Explore plans

Jetpack is acquiring WPScan, a WordPress vulnerability database. WPScan is used across the WordPress ecosystem to learn about new vulnerabilities to WordPress core, themes, and plugins. 

WPScan started as a simple Ruby script in 2011 to help identify vulnerabilities in self-hosted WordPress websites. The simple script matured into a large software project and gained popularity amongst the security and WordPress communities.

Vulnerabilities are sourced from around the web, as well as security researchers from both the community and WPScan. In 2021, WPScan was able to double the amount of vulnerabilities added to the database compared to 2020. In total, it has cataloged more than 23,000 WordPress vulnerabilities over the last 10 years. 

“Automattic has sponsored WPScan for years,” says Steve Seear, Jetpack Product Engineering Lead at Automattic. “Not only are we big fans of their work — we actually use it to help power Jetpack Scan.

Besides creating an outstanding security offering, our goal for this acquisition is to make malware data and APIs more open source. We want to ensure that WPScan continues to be a high-quality security resource for the entire WordPress community. To that effect, we’ll be exploring ways to make the API completely free for non-commercial sites.”

WPScan UI showing vulnerabilities in plugins

As part of the acquisition, two of the WPScan founders, Ryan Dewhurst and Erwan Le Rousseau, will be joining Automattic to continue their work improving security for the WordPress ecosystem. WPScan will continue to operate independently in the near term and may be integrated into Jetpack Scan in the future.

“We’re extremely proud of building WPScan over the last ten years. Automattic has always been a great partner, and we can’t wait to start working more closely together so we can take WPScan to the next level. I’m really excited about working on making our WordPress vulnerability database more open and accessible to the community,“ said Ryan Dewhurst, WPScan founder.

Current WPScan customers won’t be impacted by the acquisition in the near-term and will receive the same high-quality WordPress security service they’ve come to expect.

This entry was posted in Jetpack News, Security. Bookmark the permalink.

Rob Pugh profile
Rob Pugh

Rob is the Marketing Lead for Jetpack. He has worked in marketing and product development for more than 15 years, primarily at Automattic, Mailchimp, and UPS. Since studying marketing at Penn State and Johns Hopkins University, he’s focused on delivering products that delight people and solve real problems.

Explore the benefits of Jetpack

Learn how Jetpack can help you protect, speed up, and grow your WordPress site. Get up to 50% off your first year.

Explore plans

Have a question?

Comments are closed for this article, but we're still here to help! Visit the support forum and we'll be happy to answer any questions.

View support forum
  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 112.6K other subscribers
  • Browse by Topic

  • %d