Introducing Free Wordfence Intelligence WordPress Vulnerability Webhook Notifications!
We’re incredibly excited to announce that we have launched a webhook integration for vulnerabilities as part of Wordfence Intelligence, which enables users to stay on top of the latest vulnerabilities being added to the Wordfence Intelligence WordPress Vulnerability database, all completely for free! This webhook feature makes it possible for users to receive real-time updates sent to a URL of their choice whenever new vulnerabilities are added to the Wordfence Intelligence WordPress Vulnerability Database, along with updates when vulnerability records are updated or deleted. In addition, our system can send new vulnerability notifications directly to a Slack or Discord channel based on pre-configured webhooks.
Wait, did you say free? Yes! This is a completely free to use feature. When we launched the public interface for Wordfence Intelligence and made API access to the vulnerability database free last December, our mission was to make our commercial high-quality WordPress vulnerability information easy to access for all users of the community and that mission hasn’t changed. Whether you’re an individual site owner making sure no vulnerabilities are present on your site, a security researcher looking to stay on top of the latest vulnerabilities, or an enterprise or developer looking to integrate quality vulnerability information into their platform or software, the Wordfence Intelligence Vulnerability Database is there to serve those needs for free.
Every vulnerability record added to the database is manually curated and validated by our team of highly credentialed and industry leading vulnerability researchers. We monitor as many vulnerability sources as possible including other WordPress vulnerability databases, changeset references, plugin closures, the CVE list, and more to ensure we remain on top of all the latest vulnerabilities affecting the WordPress ecosystem, as well as conducting our own in-house research to positively contribute to the security of the WordPress ecosystem. Our free database is one of the most complete WordPress vulnerability databases on the market with CVSS scores, detailed descriptions, succinct titles, references to affected code/changesets, and more, providing our users with the most accurate and high-quality information available to secure their sites or clients.
In order to get started with setting up a webhook integration, you need to have an account on http://www.wordfence.com which can be created at https://www.wordfence.com/sign-in/?action=register
Once registered and logged in, you can access http://www.wordfence.com/account/integrations where you should see the following page to manage the Webooks Integration:
Once ready to configure a webhook, you can click the ‘Add Webhook’ button in the top right corner where you should see the following prompt:
Here you have the option to configure what notifications you’d like to receive. ‘Create’ will send the entire JSON formatted record of any new vulnerability entries in our database to the configured URL, while ‘Replace’ will send the entire JSON formatted record of any modified vulnerabilities, and ‘Delete’ will send the UUID for any vulnerability records that have been deleted.
If you opt to format the data for Discord/Slack, you may only receive ‘Create’ events, which occur when new vulnerabilities are added to the database.
You also have the ability to generate and define a secret that can be used to sign any sent payloads with an HMAC signature, which can be used to verify the authenticity and integrity of the data being sent to your application.
Once a webhook has been configured, you’ll be able to view the last status code to verify things are running as expected, and have the option to edit, test, and view the logs for each configured webhook. You may also delete any webhook integration, or edit and disable any integrations. There is currently no limit to how many webhooks you can have configured.
If you are utilizing the webhook updates to maintain a local database of vulnerabilities, we recommend you do a one-time dump of vulnerabilities using the Wordfence Intelligence vulnerability API and then monitor the creations, updates, and deletions using a webhook integration.
If you’d simply like to stay on top of the latest vulnerabilities, we recommend using the Slack/Discord integration that pre-formats the data and sends it directly to the supplied webhook channel integration. The data will appear in your Slack/Discord channel like so:
You can find all of the technical documentation for creating webhook integrations at: https://www.wordfence.com/help/wordfence-intelligence-webhook-notifications/
We are incredibly excited about the launch of this feature as we know that it will enable more site owners, security researchers, developers, and enterprises to more effectively implement vulnerability monitoring and notifications. This in turn will have a positive impact on the WordPress ecosystem and security of the internet as a whole.
On a final note, we’d like to say a special thank you to our Premium, Care, and Response customers that make providing this vulnerability information to the community for free possible. Without your support and trust, we wouldn’t be able to provide completely free access to some of the best vulnerability information available on the market with the Wordfence Intelligence Vulnerability Database. All while continuing to create and provide integrations that make access to WordPress vulnerability information as seamless as possible for everyone.