Article by Lisa Hoover McGreevy
WordPress has struggled in recent weeks with a spate of security issues ranging from malware infections to denial-of-service vulnerabilities. It’s not a big surprise then that Automattic, the open source development company behind WordPress, acquired security vendor BruteProtect last week for an undisclosed sum.
The upshot of the acquisition is that BruteProtect’s security features are now available to all WordPress users at no cost. The service protects sites from brute force login attempts and makes sure all your plugins and themes are up-to-date to minimize entry points for hackers.
In the coming months, BruteProtect will be added to Automattic’s Jetpack service, a collection of plugins that add dozens of WordPress.com features to self-hosted WordPress.org sites. Once the implementation is complete, BruteProtect as a standalone service will be shut down.
According to Sam Hotchkiss, founder of BruteProtect, acquisition plans began to take shape earlier this year after he reached out to Automattic CEO Matt Mullenweg to gauge his interest in investing in a project to develop a simple security plugin for Jetpack. In the end, Mullenweg opted to simply buy the company outright and absorb its development team.
“Though Automattic is known for its consumer-facing services like WordPress.com and Jetpack, the infrastructure behind them is the bottom part of the iceberg,” write’s Mullenweg in a company blog post. “This is Internet plumbing: when it works it’s completely invisible, and we love that. We’re now pushing 450 terabytes of data a day from 9 datacenters around the globe.”
Targeting WordPress users is a favorite pastime for hackers simply because they have so many users. By the company’s own estimation, “tens of thousands” of new WordPress sites are created every day, so finding vulnerabilities is simply a numbers game that works to the advantage of someone with ill intent.
Though sometimes considered a site for amateur content creators, the reality is that there are some pretty big names using WordPress as a full-bore content management system. Sites like The New York Times, UPS, eBay and Reuters all use WordPress to publish their content. It’s a bit surprising it took Automattic so long to acquire a dedicated security company and it’s likely BruteForce has plenty to occupy themselves with in keeping WordPress sites safe.