From 221f3fcbfdf3a52a81e592aeff37d5530e7ed1b1 Mon Sep 17 00:00:00 2001
From: Ryan Dewhurst <ryandewhurst@gmail.com>
Date: Mon, 1 Feb 2021 13:28:31 +0100
Subject: [PATCH] Update README.md

---
 README.md | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 4fb52a60..f883b7ff 100644
--- a/README.md
+++ b/README.md
@@ -85,9 +85,19 @@ For more options, open a terminal and type ```wpscan --help``` (if you built wps
 
 The DB is located at ~/.wpscan/db
 
-## Vulnerability Database
+## Optional: WordPress Vulnerability Database API
 
-The WPScan CLI tool uses the [WPScan API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan](https://wpscan.com/register). Up to 25 API requests per day are given free of charge to registered users. Once the 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan](https://wpscan.com/).
+The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
+
+Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
+
+#### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
+
+### How many API requests do you need?
+
+- Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
+- On average, a WordPress website has 22 installed plugins.
+- The Free plan should cover around 50% of all WordPress websites.
 
 ## Load CLI options from file/s