Wordfence CLI 2.0.1: Free Vulnerability Scanning for WordPress Servers
Wordfence CLI 2.0.1, the latest update of the command line malware and vulnerability scanner for WordPress servers, has introduced free vulnerability scanning. This new feature has been highly requested by developers, site cleaners, agencies, and hosting companies who need to scan large numbers of files for remediation or across entire networks of millions of customers.
Wordfence is well-known for its Web Application Firewall, malware scanner, and login security product, which is available as a free plugin and installed on over 4 million websites. The CLI is the first-ever command line malware and vulnerability scanner specifically designed for WordPress servers.
Mark Maunder, CEO of Wordfence, explains that vulnerability scanning in Wordfence CLI 2.0.1 utilizes their own open vulnerability database. This database is completely free to use and includes open APIs and web hooks for developers to build real-time alerting into their applications. The goal of Wordfence is to secure the web, and providing an open vulnerability database along with a robust and high-performance vulnerability scanner for servers aligns with this mission.
The vulnerability database includes responsible disclosures published by researchers for the benefit of the wider community. Maunder emphasizes that since most vulnerabilities come from the research community, they believe these vulnerabilities are public property. Unlike some companies that charge for their collection of vulnerabilities, Wordfence has created an open and completely free vulnerability database.
The CLI vulnerability scans rely on the Wordfence Intelligence Vulnerability API feed, which is free for personal and commercial use. It contains more than 12,250 unique vulnerability records affecting 7,600 plugins and themes. Additionally, the Wordfence team adds an average of 82 new vulnerabilities per week to ensure comprehensive coverage.
Version 2.0.1, code named “Voodoo Child,” simplifies installation by eliminating the need for users to visit the Wordfence site to obtain an API key. The tool now fetches the API key in the background, making it easier for users to get started.
Wordfence CLI is licensed under the GPLv3 and is available on GitHub, along with comprehensive documentation for installation, configuration, and usage.
Matt Barry, the lead developer of Wordfence, highlights the importance of Wordfence CLI in the WordPress server administration space. He states that the product roadmap writes itself due to the evident need for a powerful tool like this. Wordfence is committed to investing heavily in Wordfence CLI and welcomes user guidance to further enhance its capabilities.
In conclusion, Wordfence CLI 2.0.1 brings free vulnerability scanning to WordPress servers, addressing the needs of developers, site cleaners, agencies, and hosting companies. With its open vulnerability database and robust vulnerability scanner, Wordfence aims to secure the web and provide a valuable resource for the WordPress community. The CLI is easy to install and use, and its continuous development ensures it remains a powerful tool for WordPress server administration.
