THE MOST DOWNLOADED WORDPRESS SECURITY PLUGIN
WordPress security is all we do. Secure your WordPress website with Wordfence. Powered by the constantly updated Threat Defense Feed, our Web Application Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your WordPress website. A deep set of additional tools round out the most complete WordPress security solution available.
With over 22 million downloads, Wordfence is the most popular WordPress security plugin available. Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize. Click here to sign-up for Wordfence Premium now or simply install Wordfence free and start protecting your website.
You can find our official documentation at docs.wordfence.com and our Frequently Asked Questions on our support portal at support.wordfence.com. We are also active in our community support forums on wordpress.org if you are one of our free users. Our Premium Support Ticket System is at support.wordfence.com. Learn about WordPress security at wordfence.com/learn.
This is a brief introductory video for Wordfence:
Wordfence Security is Multi-Site compatible and includes Cellphone Sign-in which permanently secures your WordPress website from brute force hacks.
WORDPRESS SECURITY FEATURES
- Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website.
- Threat Defense Feed automatically updates firewall rules that protect you from the latest threats. Premium members receive the real-time version.
- Block common WordPress security threats like fake Googlebots, malicious scans from hackers and botnets.
- Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
- Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall. Report WordPress security threats to network owner.
- Rate limit or block WordPress security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
- Choose whether you want to block or throttle users and robots who break your WordPress security rules.
- Premium users can also block countries and schedule scans for specific times and a higher frequency.
WordPress Login Security
- Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
- Enforce strong passwords among your administrators, publishers and users. Improve login security.
- Checks the strength of all user and admin passwords to enhance login security.
- Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise WordPress security.
- Scans for the HeartBleed vulnerability – included in the free scan for all users.
- Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
- See how files have changed. Optionally repair changed files that are security threats.
- Scans for signatures of over 44,000 known malware variants that are known WordPress security threats.
- Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
- Continuously scans for malware and phishing URL’s including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats.
- Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
- See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
- Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
- Monitor your DNS security for unauthorized DNS changes.
- Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
Multi-Site WordPress Security
- Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
- WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
- Fully IPv6 compatible including all whois lookup, location, blocking and security functions.
Major Theme and Plugins Supported
- Includes support for other major plugins and themes like WooCommerce.
Free Learning Center
- The Wordfence website includes an in-depth WordPress Security Learning Center.
The Wordfence WordPress security plugin is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.