STAGING ENVIRONMENTDebug log is enabled by default for testing — PHP warning & notice errors will appear on the screen.

Automattic Acquires WPScan

By /

Automattic acquires WPScan in a move that strengthens its focus on WordPress security. Announced on November 4, 2021, the deal brings the widely respected vulnerability database and scanner under the same umbrella as WordPress.com, Jetpack, and WooCommerce.

With over a decade of experience tracking threats in the WordPress ecosystem, WPScan adds significant firepower to Automattic’s mission to secure the open web.

About WPScan and the Acquisition

Founded in 2011 by Ryan Dewhurst, Erwan Le Rousseau, and Christian Mehlmauer, WPScan started as a simple Ruby-based scanner before evolving into a comprehensive vulnerability database.

Over the past ten years, the platform has cataloged over 23,000 vulnerabilities in WordPress core, themes, and plugins. This security hub supports developers, site maintainers, and enterprise users worldwide.

After years of collaboration, Automattic even sponsored WPScan. The takeover became official when Jetpack announced the acquisition on its blog.

WPScan will continue operating independently in the short term, and its founders will join Automattic to shape future security features.

Integration With Jetpack and Enhanced Security

Jetpack Product Engineering Lead Steve Seear emphasized that WPScan data already powers Jetpack Scan, and part of the acquisition’s mission is to make its data more accessible, especially for non-commercial users. Here’s what users can expect:

  • Expanded vulnerability database access across WordPress core, themes, and plugins with over 23,000 entries.
  • Founders are joining Automattic to ensure continuity and deep integration with Jetpack security efforts.
  • Commitment to opening APIs, potentially making free access available for non-commercial sites.

TechRadar reports that the acquisition strengthens Automattic’s security focus, bringing WPScan firmly under Jetpack’s umbrella, though for now, it remains a standalone asset.

Advantages for WordPress Developers and Administrators

This acquisition bolsters the broader WordPress ecosystem. Key benefits include:

  • Unified security workflow: Users can continue using standalone WPScan or rely on Jetpack Scan’s integration.
  • Open-source commitment: Automattic aims to make WPScan’s API accessible to non-commercial users.
  • Ongoing reliability: With the original team staying on, WPScan’s database and scanning services remain stable and supported.

According to WPTavern, users value WPScan’s specialized approach, finding things Jetpack Scan didn’t, like password strength and HTTPS checks.

A New Chapter in WordPress Security

As Automattic acquires WPScan, the platform is set to evolve, potentially integrating more closely with Jetpack while maintaining its open-source, standalone identity.

As the founders continue working under Automattic, users can expect continued growth in the reliability and accessibility of WordPress security tools.

Know more about this acquisition and other major M&A news.

Scroll to Top