May 28, 2012
 
Plugin version: 7.11.4
Last updated: March 11, 2024 (1 week ago)
Tested up to (WP version): WP 6.4.3
Downloaded: 0
Rating: 5 (out of 5)

Description


THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER

WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time. Wordfence is widely acknowledged as the number one WordPress security research team in the world. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.

At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1-hour response time for any security incident. The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce groundbreaking security research on the newest security threats.

Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.

WORDPRESS FIREWALL

  • Web Application Firewall identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.
  • [Premium] Real-time firewall rule and malware signature updates via the Threat Defense Feed (free version is delayed by 30 days).
  • [Premium] Real-time IP Blocklist blocks all requests from the most malicious IPs, protecting your site while reducing load.
  • Protects your site at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.
  • Integrated malware scanner blocks requests that include malicious code or content.
  • Protection from brute force attacks by limiting login attempts.

WORDPRESS SECURITY SCANNER

  • Malware scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
  • [Premium] Real-time malware signature updates via the Threat Defense Feed (free version is delayed by 30 days).
  • Compares your core files, themes and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you.
  • Repair files that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.
  • Checks your site for known security vulnerabilities and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.
  • Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content.
  • [Premium] Checks to see if your site or IP have been blocklisted for malicious activity, generating spam or other security issues.

LOGIN SECURITY

  • Two-factor authentication (2FA), one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.
  • Login Page CAPTCHA stops bots from logging in.
  • Disable or add 2FA to XML-RPC.
  • Block logins for administrators using known compromised passwords.

WORDFENCE CENTRAL

  • Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place.
  • Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.
  • Powerful templates make configuring Wordfence a breeze.
  • Highly configurable alerts can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.
  • Track and alert on important security events including administrator logins, breached password usage and surges in attack activity.
  • Free to use for unlimited sites.

SECURITY TOOLS

  • With Live Traffic, monitor visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.
  • Block attackers by IP or build advanced rules based on IP Range, Hostname, User Agent and Referrer.
  • Country blocking available with Wordfence Premium.


FAQ


Visit our website to access our official documentation which includes security feature descriptions, common solutions and comprehensive help.

How does Wordfence Security protect sites from attackers?

The WordPress security plugin provides the best protection available for your website. Powered by the constantly updated Threat Defense Feed, Wordfence Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly about security issues or if your site is compromised. The Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. A deep set of additional tools round out the most comprehensive WordPress security solution available.

What features does Wordfence Premium enable?

We offer a Premium API key that gives you real-time updates to the Threat Defense Feed which includes a real-time IP blocklist, firewall rules, and malware signatures. Premium support, country blocking, more frequent scans, and spam and spamvertising checks are also included. Click here to sign up for Wordfence Premium now or simply install Wordfence free and start protecting your website.

How does the Wordfence WordPress Firewall protect websites?

  • Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website.
  • Threat Defense Feed automatically updates firewall rules that protect you from the latest threats. Premium members receive the real-time version.
  • Block common WordPress security threats like fake Googlebots, malicious scans from hackers and botnets.

What checks does the Wordfence Security Scanner perform?

  • Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
  • See how files have changed. Optionally repair changed files that are security threats.
  • Scans for signatures of over 44,000 known malware variants that are known WordPress security threats.
  • Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many more.
  • Continuously scans for malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats.
  • Scans for heuristics of backdoors, trojans, suspicious code and other security issues.

What security monitoring features does Wordfence include?

  • See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
  • A real-time view of all traffic including automated bots that often constitute security threats that JavaScript analytics packages never show you.
  • Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
  • Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.

What login security features are included?

How will I be alerted if my site has a security problem?

Wordfence sends security alerts via email. Once you install Wordfence, you will configure a list of email addresses where security alerts will be sent. When you receive a security alert, make sure you deal with it promptly to ensure your site stays secure.

Do I need a security plugin like Wordfence if I’m using a cloud based firewall (WAF)?

Wordfence provides true endpoint security for your WordPress website. Unlike cloud based firewalls, Wordfence executes within the WordPress environment, giving it knowledge like whether the user is signed in, their identity and what access level they have. Wordfence uses the user’s access level in more than 80% of the firewall rules it uses to protect WordPress websites. Learn more about the Cloud WAF identity problem here. Additionally, cloud based firewalls can be bypassed, leaving your site exposed to attackers. Because Wordfence is an integral part of the endpoint (your WordPress website), it can’t be bypassed. Learn more about the Cloud WAF bypass problem here. To fully protect the investment you’ve made in your website you need to employ a defense in depth approach to security. Wordfence takes this approach.

What blocking features does Wordfence include?

  • Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
  • Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IPs or networks and block entire networks using the firewall. Report WordPress security threats to network owner.
  • Rate limit or block WordPress security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
  • Choose whether you want to block or throttle users and robots who break your WordPress security rules.
  • Premium users can also block countries and schedule scans for specific times and a higher frequency.

What differentiates Wordfence from other WordPress Security plugins?

  • Wordfence Security provides a WordPress Firewall developed specifically for WordPress and blocks attackers looking for vulnerabilities on your site. The Firewall is powered by our Threat Defense Feed which is continually updated as new threats emerge. Premium customers receive updates in real-time.
  • Wordfence verifies your website source code integrity against the official WordPress repository and shows you the changes.
  • Wordfence scans check all your files, comments and posts for URLs in Google’s Safe Browsing list. We are the only plugin to offer this very important security enhancement.
  • Wordfence scans do not consume large amounts of your bandwidth because all security scans happen on your web server which makes them very fast.
  • Wordfence fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
  • Wordfence includes Two-Factor authentication, the most secure way to stop brute force attackers in their tracks.
  • Wordfence fully supports IPv6 including giving you the ability to look up the location of IPv6 addresses, block IPv6 ranges, detect IPv6 country and do a whois lookup on IPv6 addresses and more.

Will Wordfence slow down my website?

No. Wordfence Security is extremely fast and uses techniques like caching its own configuration data to avoid database lookups and blocking malicious attacks that would slow down your site.

What if my site has already been hacked?

Wordfence Security is able to repair core files, themes and plugins on sites where security is already compromised. You can follow this guide on how to clean a hacked website using Wordfence. If you are cleaning your own site after a hack, note that site security cannot be assured unless you do a full reinstall if your site has been hacked. We recommend you only use Wordfence Security to get your site into a running state in order to recover the data you need to do a full reinstall. If you need help with a security issue, check out Wordfence Care, which offers hands-on support from our team, including dealing with a hacked site. For mission-critical sites, check out Wordfence Response.

Does Wordfence Security support IPv6?

Yes. We fully support IPv6 with all security functions including country blocking, range blocking, city lookup, whois lookup and all other security functions. If you are not running IPv6, Wordfence will work great on your site too. We are fully compatible with both IPv4 and IPv6 whether you run both or only one addressing scheme.

Does Wordfence Security support Multi-Site installations?

Yes. WordPress Multi-Site is fully supported. Using Wordfence you can scan every blog in your network for malware with one click. If one of your customers posts a page or post with a known malware URL that threatens your whole domain with being blocklisted by Google, we will alert you in the next scan.

What support options are available for Wordfence users?

Providing excellent customer service is very important to us. Our free users receive volunteer-level support in our support forums. Wordfence Premium customers get paid ticket-based support. Wordfence Care customers receive hands-on support including help with security incidents and a yearly security audit. Wordfence Response customers get 24/7/365 support from our incident response team, with a 1 hour response time, and a maximum of 24 hours to resolve a security issue.

Where can I learn more about WordPress security?

Designed for every skill level, The WordPress Security Learning Center is dedicated to deepening users’ understanding of security best practices by providing free access to entry-level articles, in-depth articles, videos, industry survey results, graphics and more.

Where can I find the Wordfence Terms of Service and Privacy Policy?

These are available on our website: Terms of Service and Privacy Policy



Screenshots:


  1. The dashboard gives you an overview of your site's security including notifications, attack statistics and Wordfence feature status.

  2. The firewall protects your site from common types of attacks and known security vulnerabilities.

  3. The Wordfence Security Scanner lets you know if your site has been compromised and alerts you to other security issues that need to be addressed.

  4. Wordfence is highly configurable, with a deep set of options available for each feature. High level scan options are shown above.

  5. Brute Force Protection features protect you from password guessing attacks.

  6. Block attackers by IP, Country, IP range, Hostname, Browser or Referrer.

  7. The Wordfence Live Traffic view shows you real-time activity on your site including bot traffic and exploit attempts.

  8. Take login security to the next level with Two-Factor Authentication.

  9. Logging in is easy with Wordfence 2FA.




Latest Change log entry:


  • Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis)
  • Fix: Addressed a potential PHP 8 notice in the human/bot detection AJAX call
  • Fix: Addressed a potential PHP 8 notice when requesting a lockout unlock verification email
  • Fix: Fixed the emailed diagnostics view not showing the missing table information when applicable
  • Fix: Improved quick scan logic to base timing on regular scans so they’re more evenly distributed


Tags:


2FA, malware, security, two factor, WAF

Jason's Comments

Wordfence security

Wordfence Security is my preferred solution. It has an easy and automated scanner that checks for malicious code and can compare the WordPress, Theme and Plugin files with the original WordPress library, allowing you to view the differences and revert to the original version of a file or delete it. Wordfence has a firewall preventing malicious scripts from operating, a built-in traffic log which allows you to block bad IP addresses, a method to automatically limit fake crawlers, and the ability to limit and block login attempts by hackers.

Wordfence Premium

Upgrade today for these features:

  • Receive real-time Firewall and Scan engine rule updates for protection as threats emerge
  • Real-time IP Blacklist blocks the most malicious IPs from accessing your site
  • Country blocking
  • Two factor authentication
  • IP reputation monitoring
  • Schedule scans to run more frequently and at optimal times

I offer Wordfence Premium upgrade for AUD$179 / year (install, setup, RRP USD$119) - contact Jason.

Bundle with 12 month Maintenance plan for 15% off Wordfence premium upgrade - contact Jason.

I also recommend an SSL Domain Security Certificate to encrypt all data communication between your visitor's browser and the web server (browsers and Google search will give recognition to a secure connection).

Read up on other WordPress security related plugins and strategies.

Website Optimization and Maintenance

There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and browser caching.

I provide website tune ups on request and recommend a schedule for Search Engine Optimization (SEO) and Page Speed optimization.

Optimization is best applied together with website security and protection and backup and maintenance.
