This site uses cookies in accordance with our Privacy Policy.
Wordfence CLI is an open source, high performance, multi-process security scanner, written in Python, that quickly scans local and network filesystems to detect PHP malware and WordPress vulnerabilities. Wordfence CLI is open source under GPLv3. We offer both Free and Premium CLI license options. CLI Premium detects all known PHP malware - over 14 million malware variants. CLI Free has a 30 day delay for malware detection. CLI also detects over 11,800 WordPress vulnerabilities, including the very newest vulnerabilities, using our open and continuously updated vulnerability database. Vulnerability scanning is free for all license types.
Jump to Installation Instructions to get started.
-
Free vs Paid CLI Licenses
CLI Free CLI Premium High performance using multiple CPU cores High performance using multiple CPU cores Configurable resource usage Configurable resource usage Comprehensive WP Vulnerability Scanning Comprehensive WP Vulnerability Scanning Detects all known WordPress vulnerabilities Detects all known WordPress vulnerabilities Signatures delayed 30 days Real-time malware signatures No signup required, download and run API key enables real-time data feeds Documentation and issue reporting via GitHub Access to Premium Customer Support The free version of Wordfence CLI has a 30-day delay on malware signatures. The premium version of Wordfence CLI has access to the complete, real-time malware signatures for more demanding environments. Real-time signatures are used by both the paid version of the Wordfence Plugin and the paid version of Wordfence CLI. We add approximately 30 to 70 new signatures every month. Wordfence's vulnerability scanning is free for everyone.
Wordfence CLI Premium pricing is based on the number of sites being scanned. Starting with a base price of $119 for the first 100 sites, add on additional sites at increments of 100 with pricing dependent on the total number of sites (see Site Pricing above). The number of sites is self-reported, however, we've included a
<count-sites>subcommand that automatically detects WordPress sites to help you determine the number of sites to include for your license. CLI Premium includes access to Wordfence's industry leading Customer Support Team.Enterprise CLI is designed for very large hosts with more than 100,000 customers. For example, if you are hosting several million WordPress sites and would like to conduct daily or even hourly high performance scans across your entire fleet, we'd love to chat with you. Please contact our team for a quote.
-
Access Wordfence's Real-Time Malware Signatures
Purchase a Wordfence CLI Premium license for access to real-time malware signatures. Licensing is based on how many websites are being scanned and includes support from our Team. We recommend real-time malware signatures for hosting providers and other production environments. Wordfence CLI's
<remediate>sub-command allows you to automatically restore known files from WordPress Core, plugins and themes.Wordfence's Industry Leading Vulnerability Scanning
Wordfence CLI includes industry leading vulnerability scanning which is completely free for all license types. CLI's vulnerability scanner uses our open vulnerability database which is continually updated by our team using our own research, and by triaging external research into the database as quickly as it is published.
What is the difference between the Wordfence Plugin and Wordfence CLI?
The Wordfence Plugin is an excellent overall security solution for WordPress and includes a firewall, two-factor authentication, brute force protection, and IP blocklist with many other features in addition to a malware scanner. Wordfence CLI provides more technical server administrators and operations teams with high performance malware and vulnerability scanning capability.
CLI's malware-scan is parallelizable, meaning that it can take advantage of all your CPU cores when scanning, providing very high performance. CLI is also able to execute at a higher permissions level than your web server and website, giving it an additional layer of protection against compromise. CLI is also incredibly flexible and can be scheduled using cron and combined with other command line tools.