Automattic adopts WPScan – the WordPress security scanner
Automattic takes over WPScan or more precisely Jetpack acquires it. This is a catalog of vulnerabilities for the WordPress core, themes and plugins. WPScan will be used throughout WordPress ecosystem used to catalog new vulnerabilities in WordPress core, themes and plugins.
WPScan started in 2011 as a simple Ruby script to identify vulnerabilities in self-hosted WordPress websites. The simple script grew into a large software project and gained widespread popularity in the security and WordPress communities.
Vulnerabilities are collated from across the web by security researchers and the community and added to WPScan. In 2021, WPScan was able to double the number of vulnerabilities added to the database compared to 2020. In total, more than 23,000 WordPress vulnerabilities have been cataloged in the last 10 years.
"Automattic has sponsored WPScan for years," says Steve Seear, Jetpack Product Engineering Lead at Automattic. “Not only are we big fans of their work — we use them to Support Jetpack Scan .
In addition to creating a superior security offering, our goal with this acquisition is to make malware data and APIs more open source. We want to ensure that WPScan continues to be a quality security resource for the entire WordPress community. To that end, we will look at ways to make the API completely free for non-commercial websites.”
As part of the acquisition, two of WPScan's founders, Ryan Dewhurst and Erwan Le Rousseau, will join Automattic to continue their work improving security for the WordPress ecosystem. WPScan will continue to operate standalone for the near future and may be integrated with Jetpack Scan in the future.
“We are very proud to have developed WPScan over the last ten years. Automattic has always been a great partner and we can't wait to work more closely together to take WPScan to the next level. I'm very excited to be working on making our WordPress vulnerability database more open and accessible to the community," said Ryan Dewhurst, Founder of WPScan.
Existing WPScan customers will not be affected by the acquisition in the short term and will receive the same high-quality WordPress security service they have come to expect.
Posted on November 4, 2021 by Rob Pugh on https://jet pack.com
