Wordfence Bug Bounty: Get a $146 Wordfence Premium 5 year license per bug.

Update: Please note that this program has ended. Thank you to all who participated. 

Calling all WordPress developers! If you’re a PHP or Javascript developer, we’re offering one Wordfence 5 year Premium license per bug reported. These licenses are priced at $146.25.

Here are our terms and conditions:

  • We’re looking for bug reports in our open source plugin available here with developer tools available on this page.
  • Must be a PHP or Javascript bug that has a tangible impact on Wordfence’s functionality. In other words it must break Wordfence in some way. The bug can be easy or hard to reproduce and it’s OK if the bug only manifests itself very infrequently, but it must be a real bug.
  • Unfortunately we aren’t offering this reward for CSS or HTML bugs at this time, but we welcome all reports.
  • Must have been previously unreported. In other words it must be a new bug.
  • You must include instructions to reproduce the bug. If the bug in the code is obvious and you’re not sure how to reproduce it, let us know and submit it anyway. We’ll probably accept it.
  • You must include PHP code to fix the bug. We prefer patches.
  • Email your bugs to support@wordfence.com.
  • We reserve the right to refuse any submission.

Wordfence is hiring, so if you’re interested in working for us, include this in your bug report.

Happy bug bashing!!!

 

Did you enjoy this post? Share it!

Comments

7 Comments
  • Quick update: A few minutes after posting this we've already handed out our first bounty!

  • Reported Xss,
    Have a look on your inbox :)

    • Thanks Atul. Replied. This is not an XSS, but a great bug report and much appreciated. Bug bounty awarded accordingly.

      Folks keep the bugs coming. We've had many reports since I posted this and every one of them was a valid bug with bounty awarded.

      Thanks for the great work and for contributing to Wordfence.

      Regards,

      Mark.

  • Hello sir, reported an XSS to you. Reply to my email.

  • You fixed the Vulnerability and didn't even responded yet :( :(

    • Hi Tushar,

      Yes we fix bugs and vulnerabilities as soon as they're reported. However if you discovered this vulnerability and reported it to us before it was fixed we're happy to award the bug bounty to you too. Email me at mark at wordfence dot com and I'll be happy to chat to you.

      Regards,

      Mark.

  • Email send to mark@wordfence.com. Please check.

    Thanks :)