Security

Wordfence Introduces API Changes to Secure Vulnerability Access

Wordfence updates its Vulnerability API requiring users to register for free access, enhancing security and reliability.

Editor · · 4 min read
Wordfence Introduces API Changes to Secure Vulnerability Access

Some links on this page are affiliate links. We may earn a commission when you click through and make a purchase, at no additional cost to you.

Wordfence is redefining access to its Intelligence Vulnerability Database API, requiring users to register for a free account by March 9, 2026. This move aims to maintain open vulnerability intelligence while enhancing security and reliability.

Since its inception in 2022, the Wordfence Intelligence Vulnerability Database has been a cornerstone for WordPress security, offering free access to crucial vulnerability information. As the database has grown, encompassing over 33,000 unique vulnerabilities, Wordfence is implementing changes to better manage increased API usage and prevent misuse.

To continue using the database, users must obtain an API key through their Wordfence account, enabling them to access the newly launched v3 API. This transition comes with a ~30-day grace period, allowing users to adjust their integrations before the v2 API ceases to function.

Why the Shift to API Keys?

The decision to require API keys stems from the need to manage the database’s rapid growth and ensure fair usage. With the JSON feed now returning 123 MB per request, Wordfence has introduced rate limits to prevent unintentional and intentional misuse. The default rate limit will be set to one request every 30 minutes, although exceptions can be made for special use cases.

This change is not just about managing traffic; it allows Wordfence to understand user engagement better and communicate directly with users when necessary. This proactive approach aims to enhance the service’s stability and reliability for its enterprise users.

A Commitment to Free Access

Despite these changes, Wordfence remains dedicated to providing free and open access to vulnerability intelligence. The database will continue to offer comprehensive vulnerability data and real-time updates via webhook integration, ensuring that the WordPress community has the resources needed for optimal security.

The introduction of API keys is a strategic move to sustain the quality of service as demand grows. By requiring registration, Wordfence can ensure that the community continues to benefit from accurate and transparent security intelligence without compromising on accessibility.

What To Do

  • Developers: Update your integrations to use v3 of the API and generate an API key from your Wordfence account.
  • Site Operators: Inform your IT teams about the transition to ensure no disruptions in vulnerability data access.
  • Enterprise Customers: Contact Wordfence if you require higher API request rates due to specific use cases.
Related News
prime seo review
Community
Prime SEO Review: A WordPress Plugin Built for AI Search
wordpress plugins
Hosting
How Many WordPress Plugins Are Too Many Plugins?
WordPress downtime costs
Hosting
Why Uptime Guarantees Are Crucial for WordPress Hosting