Empowering WordPress Bug Bounty Hunters: Meet the New Wordfence Bug Bounty Program Researcher Dashboard

Today, we are very excited to announce the launch of our brand-new researcher dashboard for the Wordfence Bug Bounty Program! One frequent request we received from our researchers was to have a way to manage and track all their vulnerability submissions in a single location, and we’re delivering just that (and more) today. Now, once researchers log in, they will be redirected to their dashboard where they can track their progress, view highlights of their contributions, and manage all of their submissions.

The dashboard can also be accessed directly by any authenticated and registered researcher at: https://www.wordfence.com/researcher-dashboard

We are officially the first WordPress CNA and WordPress Bug Bounty Program provider to offer this feature, which we believe will further encourage vulnerability research in the WordPress space, while also creating a more enjoyable experience for researchers.

Ultimately, more submissions by researchers to the Wordfence Bug Bounty Program strengthen the protection Wordfence provides and ensure we remain the best vulnerability data provider, all while continuing to offer the data back to the community for free. To date, we’ve awarded over $300,000 in bounties across 1,514 vulnerability submissions that were in scope of our program.

Our goal isn’t to remain competitive in WordPress Bug Bounty; it is to revolutionize WordPress Bug Bounty, and the researcher dashboard is the next step on our journey of revolutionizing the space.


Continue reading to learn more about the exciting new addition!


Researcher Overview & Submission Stats

The first area of the researcher dashboard is the ‘Your Progress’ tab. At the top, we’ve provided a high-level overview of how many vulnerabilities a researcher has submitted, total dollars in bounties earned, and some granularity on how many reports were rejected, marked as duplicates, out of scope, or in scope. It will also provide insights on how many reports a researcher currently has pending triage, and how many more they can submit while their reports are being triaged.

Further down on the same tab, you’ll find the researcher ‘Tier Progress’ tracker, which shows researchers how far along they are toward achieving one of our higher researcher tiers: 1337 Researcher & Resourceful Researcher. We expect this will help researchers better work towards their goals while unlocking new scope and rewards.

Finally, at the bottom of the ‘Your Progress’ tab, researchers will find a list of all of their earned achievement badges. Providing a source of inspiration, this helps remind researchers what they have accomplished, where they are at, and what goals they want to set and work towards.

Vulnerability Submission Tracking

The most exciting part of the new researcher dashboard is the ‘Active Submissions’ and ‘Submission History’ tabs. The ‘Active Submissions’ tab is a list of all vulnerabilities that a researcher has submitted but that haven’t been published yet. Vulnerabilities in this tab are actively being processed and are generally pre-triage, in-triage, in disclosure, or pending a bounty payment. Researchers can now find the status of all of their vulnerability submissions, along with all of their triage tickets, in one place, which should streamline submission management. Some of our top researchers have submitted well over 100 vulnerabilities, and close to 200 in some cases, so this dashboard should help them keep track of all of those valuable submissions.

Once a vulnerability has been published and a bounty has been paid, or the submission was rejected or marked as a duplicate, it will move to the ‘Submission History’ tab. This area is a place for researchers to track and manage all vulnerabilities that have been submitted to the Wordfence Bug Bounty Program and have been published or resolved.

Both tabs offer the ability to search and filter submissions so researchers can keep track of what they have submitted, what still needs to be submitted, and submissions that may need further details to reproduce.

Upcoming Payouts and History

With the introduction of the researcher dashboard, we migrated the previous payouts area found under /account to the new researcher dashboard, so everything related to the Bug Bounty Program can be managed in a single location. Researchers can now find all of their past payout data and upcoming payout data under the ‘Upcoming Payouts and History’ tab in the researcher dashboard.

Edit Profile Area

Similar to the payouts tab, we migrated the profile management area that was previously found under /account. We also introduced a new profile field that allows researchers to add a select number of certifications, used to help determine 1337 Researcher eligibility. Again, this is to streamline the management of everything related to the Bug Bounty Program for researchers.

Conclusion

In today’s post, we outlined all of the new features of the dashboard for researchers participating in the Wordfence Bug Bounty Program. We hope that all of these changes will help researchers organize their work and foster more research in the WordPress space. Ultimately, more submissions by researchers to the Wordfence Bug Bounty Program strengthen the protection Wordfence provides and ensure we remain the best vulnerability data provider, all while continuing to offer the data back to the community for free.


As a reminder, Wordfence awards up to $10,400 for the most critical vulnerabilities through our Bug Bounty program. Join us in revolutionizing WordPress Bug Bounty and making the web more secure!
