Case Study: WordPress achieves stronger security and faster vulnerability discovery with HackerOne

A HackerOne Case Study

Preview of the WordPress Case Study

WordPress Security Team Lead on Their Public Bug Bounty Program Launch

WordPress, the open-source engine powering over a quarter of the web, needed a scalable way to keep its vast ecosystem secure as it moved from a private to a public bug bounty. The challenge was handling a drastic increase in report volume while ensuring clear program scope, effective triage, and prioritized remediation so the core security team could focus on the most serious risks.

WordPress partnered with HackerOne to launch a public bounty, leveraging its large, vetted hacker community and platform tools (automated triggers, triage features, and streamlined payments). The program produced high-quality reports, helped the team find issues they might have missed, sped up fixes, and enabled better prioritization—setting the stage to expand coverage to popular plugins and themes for broader protection.



WordPress

Aaron Campbell

Security Team Lead

