Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Wordfence Bug Bounty: Get a $146 Wordfence Premium 5 year license per bug.

This entry was posted in Wordfence on August 5, 2013 by Mark Maunder   7 Replies

Update: Please note that this program has ended. Thank you to all who participated. 

Calling all WordPress developers! If you’re a PHP or Javascript developer, we’re offering one Wordfence 5 year Premium license per bug reported. These licenses are priced at $146.25.

Here are our terms and conditions:

  • We’re looking for bug reports in our open source plugin available here with developer tools available on this page.
  • Must be a PHP or Javascript bug that has a tangible impact on Wordfence’s functionality. In other words it must break Wordfence in some way. The bug can be easy or hard to reproduce and it’s OK if the bug only manifests itself very infrequently, but it must be a real bug.
  • Unfortunately we aren’t offering this reward for CSS or HTML bugs at this time, but we welcome all reports.
  • Must have been previously unreported. In other words it must be a new bug.
  • You must include instructions to reproduce the bug. If the bug in the code is obvious and you’re not sure how to reproduce it, let us know and submit it anyway. We’ll probably accept it.
  • You must include PHP code to fix the bug. We prefer patches.
  • Email your bugs to support@wordfence.com.
  • We reserve the right to refuse any submission.

Wordfence is hiring, so if you’re interested in working for us, include this in your bug report.

Happy bug bashing!!!


Did you enjoy this post? Share it!

7 Comments on "Wordfence Bug Bounty: Get a $146 Wordfence Premium 5 year license per bug."

mark August 5, 2013 at 8:50 pm

Quick update: A few minutes after posting this we've already handed out our first bounty!

Atul August 29, 2013 at 5:25 am

Reported Xss,
Have a look on your inbox :)

mark September 5, 2013 at 6:47 pm

Thanks Atul. Replied. This is not an XSS, but a great bug report and much appreciated. Bug bounty awarded accordingly.

Folks keep the bugs coming. We've had many reports since I posted this and every one of them was a valid bug with bounty awarded.

Thanks for the great work and for contributing to Wordfence.



Tushar September 7, 2013 at 1:49 am

Hello sir, reported an XSS to you. Reply to my email.

Tushar September 7, 2013 at 1:55 am

You fixed the Vulnerability and didn't even responded yet :( :(

mark September 7, 2013 at 4:02 am

Hi Tushar,

Yes we fix bugs and vulnerabilities as soon as they're reported. However if you discovered this vulnerability and reported it to us before it was fixed we're happy to award the bug bounty to you too. Email me at mark at wordfence dot com and I'll be happy to chat to you.



Tushar September 10, 2013 at 2:22 am

Email send to mark@wordfence.com. Please check.

Thanks :)

Follow Us


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates