Jetpack acquires WordPress security company

Jetpack, a division of WordPress’ business arm, Automattic, has announced the acquisition of popular security suite company WPScan WordPress. WPScan provides resources that enable the WordPress and WordPress security ecosystem to tackle security issues quickly. Jetpack is a WordPress tool suite that also includes a security component.

WordPress security is an important area for WordPress as this is what competitors cite as a WordPress weakness. So at this level, it makes sense for Jetpack to acquire a company with a proactive stance on WordPress security.

Jetpack has promised to keep the products free for non-commercial use while noting that part of WPScan will be absorbed into the security offering of the Jetpack suite of tools.

Why WPScan is important

WPScan is a vulnerabilities database.

WPScan also provides:

• An API to access the database
• WPScan Security Scanner, a command line interface (CLI) to scan
• A WordPress security plugin

WPScan Database

WPScan is first and foremost an openly available database that logs WordPress vulnerabilities and makes the information available through an API.

Information on WordPress vulnerabilities is prepared by hand by WPScan and contributors.

WPScan is also an official CVE Numbering Authority (CNA), which means it can assign numbers by which vulnerabilities are referenced in the security community.

The database is accessible to individuals, businesses and security researchers.

Depending on the number of API calls made to the database, the information is available for free through an API and also at relatively modest prices for increased database access and custom pricing for the needs of the database. business.

WordPress WPScan Security Scanner

WPScan also provides WPScan WordPress Security Scanner, which is a free command line interface scanner for non-commercial use to scan a website for vulnerabilities registered in the WPScan database.

An example of additional things that the free WPScan WordPress security scanner checks:

• “The version of WordPress installed and all associated vulnerabilities
• What plugins are installed and all associated vulnerabilities
• What themes are installed and all associated vulnerabilities
• Username enumeration
• Users with weak passwords via brute password brute force
• Wp-config.php files saved and accessible to the public
• Database dumps that can be accessed by the public
• If the error logs are exposed by plugins »

WordPress WPScan plugin

Finally, WPScan offers a free plugin that scans a website to determine if the WordPress installation itself and / or the installed themes and plugins have vulnerabilities. The plugin uses the WPScan database API to check for vulnerabilities. Daily analysis would fall under the free API usage level.

The plugin also looks for common weaknesses that could make a website vulnerable:

• “Check the debug.log files
• Look for the wp-config.php backup files
• Check if XML-RPC is enabled
• Find the code repository files
• Check if the default secret keys are used
• Find the exported database files
• Weak passwords
• HTTPS enabled “

The main feature of the WPScan plugin is to offer a quick alert if a site plugin, a theme or WordPress itself contains a vulnerability and if a patch is issued.

Why did Jetpack acquire WPScan?

The reason Jetpack cites for acquiring WPScan is to open up the data even more and continue it as a resource for the entire WordPress ecosystem.

Jetpack announced:

“… Our goal for this acquisition is to make malware data and APIs more open source. We want to ensure that WPScan continues to be a high quality security resource for the entire WordPress community. To this end, we’ll explore ways to make the API completely free for non-commercial sites.

… WPScan will continue to operate independently in the short term and may be integrated with Jetpack Scan in the future.

Current WPScan customers will not be impacted by the acquisition in the short term and will receive the same high quality WordPress security service they have come to expect.

Quotes

Read the Jetpack announcement of the WPScan acquisition:

Jetpack acquires WordPress WPScan vulnerability database

Visit the official WPScan plug-in page

WPScan – WordPress Security Scanner Plugin