Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.
Secure your website using the following steps to install Wordfence:
To install Wordfence on WordPress Multi-Site installations:
The WordPress security plugin provides the best protection available for your website. Powered by the constantly updated Threat Defense Feed, Wordfence Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly about security issues or if your site is compromised. The Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. A deep set of additional tools round out the most comprehensive WordPress security solution available.
We offer a Premium API key that gives you real-time updates to the Threat Defense Feed which includes a real-time IP blocklist, firewall rules, and malware signatures. Premium support, country blocking, more frequent scans, and spam and spamvertising checks are also included. Click here to sign-up for Wordfence Premium now or simply install Wordfence free and start protecting your website.
Wordfence sends security alerts via email. Once you install Wordfence, you will configure a list of email addresses where security alerts will be sent. When you receive a security alert, make sure you deal with it promptly to ensure your site stays secure.
Wordfence provides true endpoint security for your WordPress website. Unlike cloud based firewalls, Wordfence executes within the WordPress environment, giving it knowledge like whether the user is signed in, their identity and what access level they have. Wordfence uses the user’s access level in more than 80% of the firewall rules it uses to protect WordPress websites. Learn more about the Cloud WAF identity problem here. Additionally, cloud based firewalls can be bypassed, leaving your site exposed to attackers. Because Wordfence is an integral part of the endpoint (your WordPress website), it can’t be bypassed. Learn more about the Cloud WAF bypass problem here. To fully protect the investment you’ve made in your website you need to employ a defense in depth approach to security. Wordfence takes this approach.
No. Wordfence Security is extremely fast and uses techniques like caching its own configuration data to avoid database lookups and blocking malicious attacks that would slow down your site.
Wordfence Security is able to repair core files, themes and plugins on sites where security is already compromised. You can follow this guide on how to clean a hacked website using Wordfence. However, please note that site security cannot be assured unless you do a full reinstall if your site has been hacked. We recommend you only use Wordfence Security to get your site into a running state in order to recover the data you need to do a full reinstall. If you need help repairing a hacked site, we offer an affordable, high-quality site cleaning service that includes a Premium key for a year.
Yes. We fully support IPv6 with all security functions including country blocking, range blocking, city lookup, whois lookup and all other security functions. If you are not running IPv6, Wordfence will work great on your site too. We are fully compatible with both IPv4 and IPv6 whether you run both or only one addressing scheme.
Yes. WordPress Multi-Site is fully supported. Using Wordfence you can scan every blog in your network for malware with one click. If one of your customers posts a page or post with a known malware URL that threatens your whole domain with being blocklisted by Google, we will alert you in the next scan.
Providing excellent customer service is very important to us. We offer help to all our customers whether you are using the Premium or free version of Wordfence. For help with the free version, you can post in our forum where we have dedicated staff responding to questions. If you need faster or more in-depth help, Premium customers can submit a support ticket to our Premium support team.
Designed for every skill level, The WordPress Security Learning Center is dedicated to deepening users’ understanding of security best practices by providing free access to entry-level articles, in-depth articles, videos, industry survey results, graphics and more.
whitelistedServiceIPsto WAF storage engine.
permission_callbackparams to Wordfence Central REST routes.
wflogsdirectory is now correctly removed on uninstall.
wp_get_sites()which was deprecated in WordPress 4.6.
Undefined index: urlwith custom/premium plugins.
You can find a complete changelog on our documentation site.
The dashboard gives you an overview of your site's security including notifications, attack statistics and Wordfence feature status.
The firewall protects your site from common types of attacks and known security vulnerabilities.
The Wordfence Security Scanner lets you know if your site has been compromised and alerts you to other security issues that need to be addressed.
Wordfence is highly configurable, with a deep set of options available for each feature. High level scan options are shown above.
Brute Force Protection features protect you from password guessing attacks.
Block attackers by IP, Country, IP range, Hostname, Browser or Referrer.
The Wordfence Live Traffic view shows you real-time activity on your site including bot traffic and exploit attempts.
Take login security to the next level with Two-Factor Authentication.
Logging in is easy with Wordfence 2FA.