In 2022, Wordfence introduced a completely free vulnerability database to support the WordPress security community. We made sure that included completely free access to the Wordfence Intelligence Vulnerability Database API on the founded belief that WordPress vulnerability information should be freely and readily accessible to everyone in the community for optimal security coverage. Since then, the database has grown significantly, not only in size, but also in popularity and usage across the ecosystem.
Over the past 3 years, we’ve introduced several initiatives to further support the WordPress security community. These include our Bug Bounty Program, which rewards researchers for responsibly disclosing vulnerabilities in WordPress; our Researcher Portal, which offers a streamlined, centralized experience for submitting and tracking vulnerability reports; and our Vendor Portal, a completely free resource that allows plugin and theme vendors to efficiently track and manage vulnerability disclosures.
To ensure we can continue providing a reliable, high-quality experience as usage grows, we’d like to inform the community that starting March 9th 2025, free access to the Wordfence Intelligence Vulnerability Database will require registering for a free account on wordfence.com and accessing the database using an API key. The API will remain completely free to access.
What’s Changing?
Today, we’re launching v3 of the Wordfence Intelligence Vulnerability Database API, which requires a valid authorization token. This token can be generated in the Integrations section of your Wordfence account dashboard. You can find complete documentation on this new authentication requirement here.
To make this transition as smooth as possible, we’re providing a ~30-day transition period during which the existing v2 API will remain accessible. This gives all users ample time to update their integrations and migrate to the v3 implementation.
Importantly, the data itself is not changing. The vulnerabilities included in the feed, the structure of the data, and our commitment to accuracy and transparency all remain the same.
After March 9th 2025, v2 of the Wordfence Intelligence Vulnerability API will no longer return data and will instead respond with an error code. We strongly encourage users to complete the transition during the ~30-day transition period to avoid any disruption.
Because we currently do not have a way to directly contact existing users of the Wordfence Intelligence Vulnerability Database, we kindly ask that you help amplify this message to ensure as many users as possible are aware of the change and can migrate in time.
Why Are We Making This Change?
The Wordfence vulnerability database now contains over 33,000 unique vulnerabilities and continues to grow at an accelerating pace with our JSON feed returning 123 MB on every request. With this growth, we’ve seen a substantial increase in API usage, including both unintentional and intentional misuse, which has required the introduction of global rate limits.
Requiring registration allows us to:
- Better understand how the API is being used
- Apply fair and flexible rate limits based on real-world use cases. The default will now be 1 request per every 30 minutes. Please contact us if you have a special use case that may need more requests.
- Contact users if we detect issues or need to share important updates to the API
Ultimately, this change enables us to better support everyone who relies on Wordfence Intelligence and helps ensure the long-term stability and reliability of the service.
Our Commitment to Open Vulnerability Intelligence Remains the Same
This update does not change our commitment to free and open vulnerability intelligence for the WordPress community.
We will continue to provide:
- Free access to our complete vulnerability database
- A completely free webhook integration for real-time vulnerability updates
- Transparent, community-focused security intelligence
The Wordfence Intelligence Vulnerability Database will always remain a free and open resource. This update simply allows us to deliver a more reliable, secure, and scalable experience for everyone who depends on it.
The post Important Notice: Preserving Free Access While Evolving the Wordfence Intelligence Vulnerability API appeared first on Wordfence.