WPScan Licensing

When you first release software online you don’t put too much thought into the software license (I didn’t at least). You have no idea if the project will tak…

The WordPress security tool WPScan appears to be moving away from the GNU GPL license for its software. That’s rather unfortunate, but after reading about companies trying to repackage and sell WPScan as their own work, I totally get where they’re coming from.

Chasing these companies takes time, sometimes a whole day of emails back and forth arguing the intricacies of the GNU GPL while they try and weasel their way out of complying with our license. This takes a lot of my time away from the important stuff, working on WPScan and the WPScan Vulnerability Database. Because of this I decided to add a clause to the license. If you want to sell WPScan you can pay for a commercial license, otherwise you can use it under the GNU GPL.

After a few months with this license it was pointed out to me that the GNU GPL does not allow these kinds of clauses. What some individuals and companies decided was a ‘loophole’.

Their new (proposed) license has been posted as a Gist — which I’ve embedded below — and the developers are welcoming feedback.

If you’re schooled in Public/Open Source software licenses and are interested in the future of WordPress security tools, go leave a comment!