WordPress Security: WordPress Have Joined HackerOne

 

Having grown rapidly over the last thirteen years and now powering 28% of the top ten million websites, WordPress decided that it was time to update their security systems, and their security team have recently announced that they are now using HackerOne to do this.

WordPress Security: What is HackerOne?

HackerOne is a bug bounty platform that was created by security leaders from Google, Facebook and Microsoft.

The aim of the system is to increase cyber security for small and large organisations and detect vulnerabilities within back-end systems that may otherwise not have been noticed.

As a company, HackerOne’s intention is to allow companies to better protect consumer data, so that trusted relationships can be built and maintained between businesses and their customers.

They work directly with the global research community to highlight the most recent security issues.

Having this security system in place allows consumers to feel that their personal data is safe and well protected.

Why have WordPress joined HackerOne?

WordPress believe that using the HackerOne platform will reduce the amount of time taken to deal with regularly reported issues, giving their team more time to improve the overall security of WordPress.

Using HackerOne enables security researchers to securely and sensibly report bugs to the WordPress security team.

What does HackerOne offer?

The HackerOne platform provides insights into an organisation's security posture through metrics obtained from continuous security assessments.

Furthermore, it monitors company statistics and gives organisations the opportunity to keep track of things like response times and pending disclosures.

HackerOne provides a security inbox that allows potential security issues to be reported. Using the security inbox enables system security teams to stay in control of what can become a chaotic process.

From initial validation to communicating with the hacker, HackerOne’s platform gives security teams complete control of resolving bugs and eliminating security threats. It removes the possibility of miscommunication and guarantees positive outcomes.

HackerOne works with their community to determine bug bounties for hackers that detect relevant security issues. They take care of any tax obligations and international payments surrounding bug bounties.

Bug Bounties

Along with the announcement of the WordPress HackerOne program, the WordPress security team also offer bug bounties to hackers that responsibly report bugs.

Doing this allows them to reward reporters for disclosing security issues with any products or within the system itself. It provides an incentive for other individuals to report any bugs they find, and the bounties are determined by the size of the security issue and the quality of the report.

WordPress have already awarded more than $3,700 in bounties to seven reporters. Reporters will be paid a minimum of $150 for any bugs that warrant a cash reward, and the largest bounty paid out so far is $1,337. Hooded jumpers are being sent as a bounty to those that report bugs that do not warrant a cash reward.

The bounties and program cover all of WordPress’s projects and websites.

WordPress Design and Development

If you are a creative agency that is currently in need of WordPress design and development services, we can help.

We are a white-label development agency that uses its knowledge and expertise of WordPress, Magento and web design and development to create websites that your consumers will love.

We work with you to determine your client’s needs and goals and provide custom development services.

For further information regarding our WordPress development services, please contact us on 01257 758078 or email our team at enquries@codeias.com.