Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.
Wordfence Security is 100% free. We also offer a Premium API key that gives you access to our premium support ticketing system at support.wordfence.com along with two factor authentication via SMS, country blocking and the ability to schedule scans for specific times.
- Includes Falcon Engine, the fastest WordPress caching engine available today. Falcon is faster because it reduces your web server disk and database activity to a minimum.
- Includes support for other major plugins and themes like WooCommerce.
- Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
- Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
- Includes two-factor authentication, also referred to as cellphone sign-in.
- Scans for the HeartBleed vulnerability – included in the free scan for all users.
- Wordfence includes two caching modes for compatability and has cache management features like the ability to clear the cache and monitor cache usage.
- Enforce strong passwords among your administrators, publishers and users. Improve login security.
- Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
- Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
- Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall. Report security threats to network owner.
- See how files have changed. Optionally repair changed files that are security threats.
- Scans for signatures of over 44,000 known malware variants that are known security threats.
- Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
- Continuously scans for malware and phishing URL’s including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats.
- Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
- Checks the strength of all user and admin passwords to enhance login security.
- Monitor your DNS security for unauthorized DNS changes.
- Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
- Choose whether you want to block or throttle users and robots who break your security rules.
- Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
- See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
- Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
- Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
- Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
- WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
- Premium users can also block countries and schedule scans for specific times and a higher frequency.
Wordfence Security is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
What does Wordfence Security do that other WordPress security plugins don’t do?
- Wordfence Security is the only security plugin that is fully integrated with it’s own high speed caching engine to avoid security and caching conflicts.
- Wordfence Security actually verifies your website source code integrity against the official WordPress repository and shows you the changes. We are the only plugin to do this.
- Wordfence Security provides two-factor authentication (Cellphone Sign-in) for paid members. We’re the only plugin to offer this.
- Wordfence Security includes comprehensive protection against DDoS attacks by giving you a performance boost up to 50X and giving you the option to disable XML-RPC among other features.
- Wordfence Security scans check all your files, comments and posts for URL’s in Google’s Safe Browsing list. We are the only plugin to offer this very important security enhancement.
- Wordfence Security scans do not consume large amounts of your precious bandwidth because all security scans happen on your web server which makes them very fast.
- Wordfence Security fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
- Wordfence Security includes Two-Factor authentication, the most secure way to stop brute force attackers in their tracks.
Does Wordfence Security support Multi-Site installations?
Yes. WordPress MU or Multi-Site as it’s called now is fully supported. Using Wordfence Security you can security scan every blog in your network with one click. If one of your customers posts a page or post with a known malware URL that threatens your whole domain with being blacklisted by Google, we will tell you within a maximum of one hour which is how often scans occur.
Will Wordfence Security slow my site down?
No. Actually it will make your site up to 50X faster when Falcon Engine is enabled, up to 30 times faster with our PHP caching engine and even
without caching Wordfence is extremely fast and uses techniques like caching it’s own configuration data to avoid database lookups. Older
versions of Wordfence did incur a slight performance penalty, but we have not only fixed this issue but knocked it out of the park. Wordfence
now makes your site faster than any other caching plugin available!!
How often is Wordfence Security updated?
The Wordfence Security plugin is frequently updated and we update the code on our security scanning servers
more frequently. Our cloud servers are continually updated with the latest known security threats and vulnerabilities so
that we can blog any security threat as soon as it emerges in the wild.
What if I need support?
All our paid customers receive priority support. Excellent customer service is a key part
of being a Wordfence Security member. As free or Premium member can visit support.wordfence.com and where you will find out knowledgebase. If you’re a Premium member you can also open a support ticket.
Can I disable certain security features of Wordfence Security?
Yes! Simply visit the Options page, click on advanced options and enable or disable the security features you want.
What if my site security has already been compromised by a hacker?
Wordfence Security is the only security plugin that is able to repair core files, themes and plugins on sites where security is already compromised.
However, please note that site security can not be assured unless you do a full reinstall if your site has been hacked. We recommend you only
use Wordfence Security to get your site into a running state in order to recover the data you need to do a full reinstall. A full reinstall is the only
way to ensure site security once you have been hacked.
How will I be alerted that my site has a security problem?
Wordfence Security sends security alerts via email. Once you install Wordfence Security, you will configure a list of email addresses where security alerts will be sent.
When you receive a security alert, make sure you deal with it promptly to ensure your site stays secure.
My WordPress site is behind a firewall. Doesn’t that make it secure?
If your site is accessible from the web, it means that people you don’t know can execute PHP code on your site.
They have to be able to execute PHP code, like the core WordPress code, in order for your site to work.
Most WordPress security threats allow a hacker to execute PHP code on your website. The challenge hackers
face is how to get their malicious PHP code onto your site to compromise your security. There
are many upload mechanisms that WordPress itself, themes and plugins offer and the vast majority of these
are secure. However, every now and then a hacker discovers an upload mechanism that is not secure or
a way of fooling your site into allowing an upload. That is usually when security is compromised. Even
though your site is behind a commercial firewall, it still accepts web requests that include uploads and executes PHP code
and as long as it does that, it may become face a security vulnerability at some point.
Will Wordfence Security protect me against the Timthumb security problem?
The timthumb security exploit occurred in 2011 and all good plugins and themes now use an updated
version of timthumb (which the creator of Wordfence Security wrote and donated to the timthumb author) which closes the security hole that
caused the problem. However we do scan for old version of timthumb for good measure to make sure they don’t
cause a security hole on your site.