Wordfence Bug Bounty Program March 2026 Report – 1,718 Submissions
Check the March 2026 bug bounty metrics and consider joining the Wordfence Bug Bounty Program to help secure WordPress plugins and themes.
Enroll in the Wordfence Bug Bounty Program and set up the free vendor portal to manage and patch vulnerabilities promptly.
Summary
Wordfence’s March 2026 Bug Bounty Program report announces 1,718 vulnerability submissions from the security community. The program processes these reports through a free Vulnerability Management Portal that vendors can use to track and manage all disclosed issues. Real‑time firewall protection is automatically applied to Premium, Care, and Response users, while free users receive protection after a 30‑day delay. The program is described as the most comprehensive WordPress vulnerability program, accelerating patch adoption and providing early protection to millions of sites.
The report also highlights the program’s transparent workflow, rapid triage, and the benefits of joining for developers and vendors who want to secure WordPress plugins and themes.
Key changes
- 1,718 vulnerability submissions received in March 2026
- Bug Bounty Program processes submissions via a free Vulnerability Management Portal
- Real‑time firewall protection for Premium, Care, and Response users; free users protected after 30 days
- Program accelerates patch adoption and is the most comprehensive WordPress vulnerability program
- 1718 submissions were validated and responsibly disclosed to vendors
- Portal allows vendors to track and manage all vulnerabilities centrally for free