WordPress Paying Bug Bounties on HackerOne

WordPress is an Open Source Content Management System that allows users to build websites and blogs. We’ve been using the WordPress platform to build websites for our clients since 2009 and feel it is the best free CMS available today. And we’re not the only ones: WordPress now powers more than 28% of all sites on the web.

Because of the nature of “Open Source”, the WordPress core software is openly available to anyone in the world to use, including hackers! This unfortunately gives them the ability to spend countless hours trying to find bugs and flaws in the code to exploit for malicious purposes.

The Security Team at WordPress has been working hard to combat hackers, and to take it a step further, they have officially joined HackerOne.

The HackerOne platform was designed so security researchers can report vulnerabilities to the WordPress Security Team in a safe and responsible manner. The team began working on this project privately just over a year ago and has finally made it public.

With the HackerOne announcement, WordPress has also introduced bug bounties. They reward reporters for disclosing issues to better help secure the WordPress platform. They have already awarded over $3,700 in bounties to seven different reporters.

So what does this mean for your WordPress-powered website?

It takes a village to keep a project like WordPress moving forward, and the core contributors can’t do it alone. The addition of the HackerOne community seeking those bug bounties will allow the WordPress Security Team to work more efficiently to patch the code and push security updates to your website.

At Current Media Group we take security very seriously. With our Managed WordPress Hosting, we make sure that our clients’ websites are backed up daily and protected with multiple firewalls throughout our enterprise-grade infrastructure. Our real-time security threat detection, security audits, and code reviews help to keep clients’ sites safe. Should a website become compromised, we will immediately take action to find the exploit, remove the malicious code, and have the site back up and running in no time.