Automattic takes WordPress security company WPScan under its wing

Acquisition will help take WPScan’s WordPress vulnerability database to the next level

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Automattic’sJetpackhas announced that it will acquire the popularWordPressvulnerability database WPScan for an undisclosed sum.

Although WPScan started out as a simpleRubyscript to help identify vulnerabilities in self-hosted WordPress sites back in 2011, over the years its database has become a security tool used across the entire WordPress ecosystem.

Today both security researchers and WordPress communities use WPScan’s database to learn about new vulnerabilities inWordPress themes,WordPress pluginsand even WordPress core. Vulnerabilities are sourced from across the web and over the last 10 years, the company has cataloged over 23,000 WordPress vulnerabilities.

In addition to sponsoring WPScan for years,Automatticrelies on its vulnerability database to help power Jetpack Scan.

A resource for the WordPress community

Besides creating an outstanding security offering, Automattic’s goal for its acquisition of WPScan is to makemalwaredata and APIs more open source.

At the same time, the company wants to ensure that WPScan remains a high-quality security resource for the entire WordPress community which is why it is exploring ways to make the API completely free for non-commercial sites according to Jetpack Product Engineering Lead at Automattic, Steve Seear.

As part of the acquisition, two of WPScan’s founders, Ryan Dewhurst and Erwan Le Rousseau, will be joining Automattic to continue their work of improving security across the entire WordPress ecosystem. Once the deal has closed, WPScan will continue to operate independently in the near term though it may be integrated into Jetpack Scan in the future.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

WPScan founder Ryan Dewhurst explained in apress releasehow the acquisition will help take WPScan to the next level, saying:

“We’re extremely proud of building WPScan over the last ten years. Automattic has always been a great partner, and we can’t wait to start working more closely together so we can take WPScan to the next level. I’m really excited about working on making our WordPress vulnerability database more open and accessible to the community.”

We’ve also featured thebest WordPress hosting,best WordPress security pluginsandbest WordPress website builder

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well