You care about what you build.
Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by a suite of additional features, Wordfence is the most comprehensive security option available.
WordPress security is all we do, cloud alternatives are generic. Learn More
Wordfence runs at the endpoint, your server, providing better protection than cloud alternatives. Cloud firewalls can be bypassed and have historically suffered from data leaks. Wordfence firewall leverages user identity information in over 85% of our firewall rules, something cloud firewalls don’t have access to. And our firewall doesn’t need to break end-to-end encryption like cloud solutions.
Our data is what makes the firewall and scanner effective, upgrade to Premium to enable real-time protection.
The best protection available
Wordfence includes a Web Application Firewall (WAF) that identifies and blocks malicious traffic. It runs at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives it does not break encryption, cannot be bypassed and cannot leak data. An integrated malware scanner blocks requests that include malicious code or content. Defends against brute force attacks by limiting login attempts, enforcing strong passwords and other login security measures. Upgrading to Premium enables real-time firewall rule and malware signature updates as well as the Real-time IP Blacklist, which blocks all requests from the most malicious IPs, protecting your site while reducing load.
Unrivaled detection capabilities
The Wordfence scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections. It also compares your files with what is in the WordPress.org repository, checking their integrity and reporting any changes to you. Repair files that have changed by overwriting them with a pristine, original version and easily delete any files that don't belong. It also checks your site for known security vulnerabilities, abandoned and closed plugins. Content safety checks insure that your files, posts and comments don't contain dangerous URLs or suspicions content. Upgrading to Premium enables real-time malware signature updates, reputation checks and better control over scan timing and frequency.
The best threat intelligence in the industry
The Threat Defense Feed arms the Wordfence plugin with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Wordfence protects over 2 million WordPress websites, giving us unmatched access to information about how hackers compromise sites, where attacks originate from and the malicious code they leave behind. Our security analysts and developers are 100% focused on WordPress security, constantly adding updates as they discover new threats. Premium members receive the real-time version of the Threat Defense Feed. Free users receive the community version, which is delayed by 30 days.
Blocking countries who are clearly engaging in malicious activity is an effective way to protect your site during an attack. Premium Feature
Wordfence country blocking is designed to stop an attack, prevent content theft or end malicious activity that originates from a geographic region in less than 1/300,000th of a second. Blocking countries who are regularly creating failed logins, a large number of page not found errors and are clearly engaging in malicious activity is an effective way to protect your site during an attack.
Stop brute force attacks permanently by using one of the most secure forms of remote system authentication available. Premium Feature
Take your site security to the next level with “Two Factor Authentication” and secure your website investment. Used by banks, government agencies and military worldwide, Two Factor is one of the most secure forms of remote system authentication available.
Monitor visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.
Wordfence uses our source code verification feature to help you recover from a hack. It tells you what changed in core, theme and plugin files and helps repair them.
Wordfence uses our source code verification feature to tell you what has changed and help repair hacked files. Backed by our cloud servers (over a terabyte of data), Wordfence checks the integrity of your core files, theme files and plugin files against what is stored in the official WordPress repository. We maintain a record of every WordPress core, theme and plugin file ever released to the official repository to provide this feature.
Protect your site against attacks that leverage password information stolen in data breaches. Block logins for administrators using known compromised passwords.
Data breaches have become all too common lately, arming attackers with millions of usernames, passwords and other sensitive data. We are unfortunately seeing attacks on WordPress sites in the wild leveraging this info.
Wordfence now includes protection against this specific threat. The feature allows you to block logins for administrators that use a known compromised password. Any administrator using a password previously seen in a breach will need to reset their password to log in. And we keep up to date with the latest breaches as the occur. We’ve done this by integrating our login security with the database provided by Troy Hunt’s version 2 of the Pwned Passwords API. Troy has built a substantial list of hundreds of millions of compromised passwords across hundreds of data breaches. LEARN MORE
Quickly and efficiently block entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching and IP ranges.
Quickly and efficiently dispatch site security threats by blocking entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching, IPs and IP ranges.
But our customers say it better!
WordFence Premium has provided excellent customer service. The plugin is easy to use, and the premium support is friendly and informative. Very happy with their service.
We have been using WordFence (free version) for years on all our 100+ WordPress websites. We haven’t had any hacked websites since then. Just recently we purchased the premium license to increase the security of our websites even more. We had some questions regarding a multi WP install on the same domain in various subfolders and received timely and professional support within a day. Everything is setup properly now and we sleep quietly at night knowing that it’s all secured.
If you know the horror of having your website hacked, you know the mountain of stress that comes with it. Even worse is trying to find a solution to fix your hacked website for a reasonable price without being overly sold to. This is where WordFence comes in to save the day.
They very quickly and thoroughly fixed my hacked website, keeping me updated with the status at all times. I also received a long report detailing what was hacked, how it was fixed, and instructions to secure my website from future hacks. In a matter of days, my site was unblacklisted by Google and I’m back in business!
While I can’t yet speak to how well WordFence secures your website from hacks, I can say that they have been the best solution for fixing my hacked website. Based on that experience, I have no problem entrusting them with securing my website going forward.
THANK YOU WORDFENCE! It was worth every penny.