You care about what you build.

Protect your websites with the best security available.

  • Wordfence Forensic Lab

    We continuously analyze the latest threats, developing new protection and detection rules.

  • Threat Defense Feed

    The Threat Defense Feed arms the Wordfence plugin with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe.

  • WordPress Security Plugin

    A Web Application Firewall, Malware Scanner, and many other tools make Wordfence the most complete security option available.

Watch Our Video 📹

You’re watching Wordfence protect WordPress Sites in Real-Time

  • Origin Point
  • Not Suspicious Yet
  • Blocked By Wordfence

You are witnessing real-time attacks of WordPress websites, and seeing the Wordfence WordPress security plugin in action. We are only showing a mere Loading…% of the Loading… attacks happening per minute to keep your browser from slowing down. The map is continually updated as you watch.

Downloads to Date 18,614,788

Wordfence is the most downloaded security plugin for WordPress websites

Our WordPress security plugin provides the best protection available for your website. Powered by the constantly updated Threat Defense Feed, WordFence Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. A deep set of additional tools round out the most comprehensive WordPress security solution available.

To learn more about the features of the Wordfence security plugin, activate one of the four categories below, then select a feature for detailed information.

Premium Plan Feature
Customer Favorite
Web Application Firewall
Web Application Firewall
Web Application Firewall

Web Application Firewall

Customer Favorite

Get Peace of Mind with the Wordfence Web Application Firewall

The Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website. Powered by the Threat Defense Feed, it is automatically updated with new firewall rules that protect you from the latest threats. Even if you are running a vulnerable plugin or theme, Wordfence will protect you from being hacked by blocking attacks based on known and constantly updated attack patterns.

Wordfence protects you from new and emerging threats

  • The Wordfence Forensic Lab is constantly adding new firewall rules to the Threat Defense Feed
  • The Premium version of the Threat Defense Feed is updated in real-time
Real-Time Threat Defense Feed
Real-Time Threat Defense Feed
Real-Time Threat Defense Feed

Real-Time Threat Defense Feed

Premium Plan Feature
Customer Favorite

Protection from the latest threats, delivered as they emerge

Wordfence protects over 1 million WordPress websites, giving us unmatched access to information about how hackers compromise sites, where attacks originate from and the malicious code they leave behind. The team in our Forensic Lab are constantly adding updates as they discover new threats. Premium members receive the real-time version of the Threat Defense Feed. Free users receive the community version, which is delayed by 30 days.

The real-time version of the Threat Defense Feed provides our Firewall and Scan Engine with:

  • Updated firewall rules
  • The latest malware signatures
  • Malicious IP updates
Block Brute Force Attacks
Block Brute Force Attacks
Block Brute Force Attacks

Block Brute Force Attacks

Customer Favorite

Stop brute force attacks

It takes just one look at the live login activity on your site to quickly realize how many failed login attempts you receive. Wordfence monitors these and will lock out any attempts to brute-force guess your WordPress password or WordPress usernames.

Wordfence prevents Brute Force Attacks by:

  • Locking out users after too many login failures
  • Locking out users after using the “forgot password” form too many times
  • Optionally locking out anyone who uses an invalid username
  • Preventing WordPress from giving hackers information about what usernames may exist on your system
  • Enforcing Cell Phone Sign-in (Two Factor Authentication) with Wordfence Premium
Country Blocking
Country Blocking
Country Blocking

Country Blocking

Premium Plan Feature

Put geographic protection in place

Wordfence country blocking is designed to stop an attack, prevent content theft or end malicious activity that originates from a geographic region in less than 1/300,000th of a second. Blocking countries who are regularly creating failed logins, a large number of page not found errors and are clearly engaging in malicious activity is an effective way to protect your site during an attack.

Wordfence Country Blocking gives you these options to protect your WP site:

  • Block access to your login form
  • Block access to the rest of your WordPress site
  • Access to a continually updated database of country to IP mappings
  • You’ll find even more options in Advanced Blocking
Advanced Manual Blocking
Advanced Manual Blocking
Advanced Manual Blocking

Advanced Manual Blocking

Powerful options allow you to block traffic from any source

Quickly and efficiently dispatch site security threats by blocking entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching and IP ranges.

Wordfence helps you intelligently block WordPress website threats by giving you the ability to:

  • Block ranges of IP addresses (Think of these as networks)
  • Specific web browsers and web browser patterns
  • Referring websites
  • Any combination of the above
Malware Scanner
Malware Scanner
Malware Scanner

Malware Scanner

Customer Favorite

Scan for Malware, Bad URLs, Backdoors and DNS Changes

There are many places on WordPress sites for hackers to hide, but not with Wordfence. We maintain a cluster of high performance servers in our data center to assist with scanning your website. When Wordfence scans your site, it compares your core files, themes and plugins with what is in the WordPress.org repository and reports any changes to you.

Wordfence leaves no corner of your WordPress site untended by:

  • Scanning core files, themes and plugins for malware, code injections and backdoors. Also checks them against WordPress.org repository versions to check their integrity
  • Checks URLs against Google’s safe browsing list
  • Scans for DNS changes
  • Premium users can scan as frequently as every hour and select optimal times that don’t interfere with high traffic time periods.
Real-Time Threat Defense Feed
Real-Time Threat Defense Feed
Real-Time Threat Defense Feed

Real-Time Threat Defense Feed

Premium Plan Feature
Customer Favorite

Protection from the latest threats, delivered as they emerge

Wordfence protects over 1 million WordPress websites, giving us unmatched access to information about how hackers compromise sites, where attacks originate from and the malicious code they leave behind. The team in our Forensic Lab are constantly adding updates as they discover new threats. Premium members receive the real-time version of the Threat Defense Feed. Free users receive the community version, which is delayed by 30 days.

The real-time version of the Threat Defense Feed provides our Firewall and Scan Engine with:

  • Updated firewall rules
  • The latest malware signatures
  • Malicious IP updates
Check if Site IP is Generating Spam
Check if Site IP is Generating Spam
Check if Site IP is Generating Spam

Check if Site IP is Generating Spam

Premium Plan Feature
Customer Favorite

Feeling ignored? Your emails might be trapped

Your legitimate customer emails can be caught in spam filters if another site on your shared IP address is generating a lot of spam. Use this feature to confirm that your site is running on a clean IP address, and that the shared IP you are using to host your website is not listed as a known source of spam email.

Wordfence prevents your IP from generating spam by:

  • Checking your IP address reputation with reputation providers like Spamhaus
  • Protecting your own website which prevents your site from being used to send spam email
  • Alerting you to file changes that don’t match the official WordPress repository, which may indicate a script installed that generates spam
Check if Site is Spamvertized
Check if Site is Spamvertized
Check if Site is Spamvertized

Check if Site is Spamvertized

Premium Plan Feature
Customer Favorite

More than a pain, spam is destructive

When your website URL is being used for spamvertising, it can severely impact your SEO rankings and email deliverability. Wordfence checks if your website URL has been flagged for spamvertising, indicating that your site may have been compromised or that you are emailing too aggressively.

Wordfence prevents your site from becoming a venue for spamvertizing by:

  • Protecting your site from being hacked, which prevents spammers from using your URL in spam emails
  • Checking if your site domain name has been flagged as a source of spam, which may indicate that your site has been hacked, or you are being flagged as a spammer for another reason
Remote WordPress Security Scans
Remote Scans
Remote WordPress Security Scans

Remote Scans

Premium Plan Feature

Premium members get deeper scan coverage

Wordfence is not just a standalone plugin for WordPress. It is part of Feedjit Inc. and is powered by our cluster of high performance servers based at our data center in Seattle, Washington. Our premium remote scan capability connects to your server from ours to do an additional scan for possible infections.

Wordfence remote servers protect your site:

  • Our high-performance servers allow us to do additional, comprehensive scans for our premium users
  • When we detect that files have changed, we can show you the changes and give you the option to repair and/or remove any infected files
  • You can repair files, even if you don’t have a backup of that file
View Blocked Intrusion Attempts
View Blocked Intrusion Attempts
View Blocked Intrusion Attempts

View Blocked Intrusion Attempts

Watch hackers trying to break into your site right now

Monitor visits and hack attempts not shown in other analytics packages and see attempts in real time; including where in the world they’re coming from, their IP address, the time of day and time spent on your site.

Wordfence monitoring in real time means you’ll see:

  • Traffic from robots, humans, Google crawlers and 404 errors
  • Traffic not shown by Google Analytics and other Javascript loggers
  • Logins, logouts and who is consuming the most content
  • Security threats and exploit attempts in real-time
  • Visitor location at the city level and visitor hostname
View Google Crawl Activity
View Google Crawl Activity
View Google Crawl Activity

View Google Crawl Activity

Watch Google Crawl Your Site In Real Time

If you’re like most website owners, SEO matters. Monitor Google as it crawls your site to see which pages are being crawled and which aren’t. Identify issues like crawling non-existent pages and missing robots.txt files.

Wordfence Live Traffic monitoring allows you to see:

  • Separates pageviews generated by humans from those generated by crawlers
  • Immediately blocks fake Google crawlers and malicious or overly aggressive crawlers
  • Helps enhance SEO by logging how often and when Google crawlers access your site
View Bots and Crawlers
View Bots and Crawlers
View Bots and Crawlers

View Bots and Crawlers

Block rogue crawlers in real-time. Save bandwidth, protect content.

If someone or something is generating many “page not found errors” or consuming content too aggressively, they’re likely up to no good. Block them with Wordfence, and make room for Google crawlers to work unhindered.

Wordfence is your ally in crawler control, because it:

  • Separates pageviews generated by humans from those generated by crawlers
  • Immediately blocks fake Google crawlers and malicious or overly aggressive crawlers
  • Helps enhance SEO by logging how often and when Google crawlers access your site
View Logins and Logouts
View Logins and Logouts
View Logins and Logouts

View Logins and Logouts

Watch visitors log in and out of your site in real time

There are many scenarios where it is helpful to see who is logging in and out of your site. If you think that you’ve been hacked you can look to see who has logged in, when they did and where they came from. If you are seeing a huge spike in brute force login attempts, you can use the information to develop a blocking strategy. Visibility into which usernames attackers are using during password guessing attacks alerts you to usernames you may need to change.

Wordfence Live Traffic monitoring allows you to see:

  • Logins, logouts and who is consuming the most content
  • Traffic from robots, humans, Google crawlers and 404 errors
  • Traffic not shown by Google Analytics and other Javascript loggers
  • Security threats and exploit attempts in real-time
  • Visitor location at the city level and visitor hostname
View Human Visitors
View Human Visitors
View Human Visitors

View Human Visitors

Watch site visitors use your site in real time

Monitor visits to your site in real time; including where in the world they’re coming from, their IP address, the time of day and time spent on your site.

Wordfence Live Traffic monitoring allows you to see:

  • Traffic from robots, humans, Google crawlers and 404 errors
  • Traffic not shown by Google Analytics and other Javascript loggers
  • Security threats and exploit attempts in real-time
  • Visitor location at the city level and visitor hostname
Cell Phone Sign In
Cell Phone Sign In
Cell Phone Sign In

Cell Phone Sign In

Premium Plan Feature

The most effective way to stop brute force attacks permanently

Take your site security to the next level with “Two Factor Authentication” and secure your website investment. Used by banks, government agencies and military worldwide, Two Factor is one of the most secure forms of remote system authentication available.

Wordfence Cell Phone Sign-in is secure because:

  • It relies on something you know (your password) and something you have (your cellphone). Two factors
  • It prevents simple password guessing attacks because they don’t have your cellphone to pass the second phase of authentication
  • An attacker needs to know your password before you will receive an SMS, protecting you from being inundated with SMS’s during a brute force attack
Repair Files
Repair Files
Repair Files

Repair Files

Customer Favorite

Don’t just find corrupted files. See the changes and repair them

Wordfence uses our source code verification feature to tell you what has changed and help repair hacked files. Backed by our cloud servers (over a terabyte of data), Wordfence checks the integrity of your core files, theme files and plugin files against what is stored in the official WordPress repository. We maintain a record of every WordPress core, theme and plugin file ever released to the official repository to provide this feature.

After Wordfence has alerted you to file changes, you can:

  • See how files have changed, something only Wordfence does
  • Download the original file to compare original to current
  • View and repair the file by overwriting with a pristine, original version
Audit Existing Passwords
Audit Existing Passwords
Audit Existing Passwords

Audit Existing Passwords

Premium Plan Feature

Easily crackable passwords lead to larger problems

Strong passwords are crucial to the security of your site, and Wordfence ensures your passwords are strong by checking them against a database of common passwords and simulating a hack attempt using our password auditing GPU cluster. A Wordfence Password Audit simulates what a hacker would do if they stole your password database and launched an attack on it.

Wordfence completes the password audit, so you can:

  • Know which user accounts are using passwords known in the hacker community through previously hacked websites
  • Know which accounts are using easily crackable passwords
  • Email admins, publishers and members their new passwords if they are using a weak password
  • Alternatively, send admins, publishers and members a request to update their passwords themselves if they are using a weak password
Advanced Comment Spam Filter
Advanced Comment Spam Filter
Advanced Comment Spam Filter

Advanced Comment Spam Filter

Premium Plan Feature

Block spam comments more effectively

Say goodbye to spam with Wordfence. The free version of Wordfence includes an excellent comment spam filter, and if you are a premium customer our advanced comment spam filter is automatically enabled which provides an additional layer of filtering. The advanced filter does an additional check on the source IP of inbound comments and any URLs that are included.

Wordfence reduces spam that is known to slip through traditional filters by:

  • Using advanced heuristics to identify spam comments, like URLs, source IP, and content
  • Using aggregated data to identify comment spammers
  • Giving you the flexibility to change your filter settings
Monitor Disk Space
Monitor Disk Space
Monitor Disk Space

Monitor Disk Space

Out of server disk space? You’ll know before it happens

Running out of disk space has the potential to make your server unavailable. Some Denial of Service attacks actually force your website to run out of disk space. Wordfence monitors your available space and will alert you to a problem before it results in downtime.

Wordfence prevents your site running out of disk space by:

  • Constantly monitoring disk space for your site
  • Sending an email alert before disk space reaches critical levels
Get Detailed IP Info
Get Detailed IP Info
Get Detailed IP Info

Get Detailed IP Info

Someone’s knocking, but who’s there?

You will learn more about your visitors using the detailed information Wordfence provides about each visitor IP address. Using this information you can decide to let them into your site or block them.

Wordfence lets you view detailed IP address information like:

  • Visitor location down to the city level
  • Who the visitor’s Internet Service Provider is
  • History for each IP address showing which pages they have visited
  • Which network an IP address belongs to using our “whois” lookup feature
  • What network an entire IP address belongs to and how to block it
See how the features compare by plan - free vs Wordfence Premium Compare Our Plans
Choose Your Wordfence Plan Premium $99 per year or less* Free $0 per year
Real-Time Threat Defense Feed 
Country Blocking 
Check if Site IP is Generating Spam 
Check if Site is Spamvertized 
Remote Scans 
Cell Phone Sign In 
Audit Existing Passwords 
Advanced Comment Spam Filter 
Web Application Firewall
Block Brute Force Attacks
Advanced Manual Blocking
Malware Scanner
View Blocked Intrusion Attempts
View Google Crawl Activity
View Bots and Crawlers
View Logins and Logouts
View Human Visitors
Repair Files
Monitor Disk Space
Get Detailed IP Info

*The more Wordfence Premium license keys you buy, the more you save.

Want to see how the features compare by feature type? Compare by feature type

The best WordPress security at a price you can afford

The most you will pay is $8.25 per month and we offer significant discounts for multi-year and multi-license purchases.

WordPress security needs change quickly. Get the latest defense thinking from our blog

Interview with Security Researcher Pan Vagenas

At Wordfence I'm really proud of the team we have. Our team are all amazing people who work hard every day to help secure WordPress websites. A few months ago we published the first installment in a series of posts where we introduce you to a few of the incredible people who work here and give them an opportunity to share with you a bit about themselves, how they became interested in information security and some of their knowledge....read more

Visit Blog

Our biggest fans are you

"I have been using Wordfence Premium for over 6 months now and love it! It has protected my site from everything that I could ever think of. Thank you for your great software and being part of a open source community. Keep up the great work!!"

LilGeekShop.net, Online Store, Moultrie, GA

"Is your site on Wordpress? If so PLEASE get the Wordfence plug in, it's locked three hackers out of my website in the last 24 hours."

@WordNerdSally, Publisher, Nottingham

"Wordfence security plugin alerted me in an email that two of my blog plugins need updating. That's handy!"

@Elfbride, Publisher, Dallas Fort Worth, Texas

"Found @wordfence when I needed malicious cleanup help on one of my #Wordpress sites. Impressed!"

@bryanchalker, Consultant Web Designer, Atlanta, GA

"121 attempts to hack the shesageek site in the last 10 minutes!  So glad i installed wordfence security on the site."

@shesageeksta, Publisher, Sydney, Australia

"The Wordfence plugin is impressively feature rich. A must-have for Wordpress security. Thanks to @SFoskett for bringing it to my attention!"

@JLivens, Director of Marketing, Iron Mountain

"intox.dk is currently being attacked by what seems to be a botnet. Thanks to @wordfence, the site is still fully secured."

@intoxstudio, Design Studio, Denmark

"Our website seems to be under attack at the moment. But all well thanks to a little plugin called Wordfence. Well worth a look."

@mintyslippers, Filmmaker, United Kingdom

Learn about WordPress Security

Broaden your WordPress security skills with resources for all learning levels.Articles, Videos, Checklists, Surveys, Infographics and more.

Get Started

Protect your WordPress website with Wordfence. Install now.

You can install the Wordfence WordPress security plugin with these four best-practice steps:

1
Sign into your own WordPress website. You’ll usually go to something like www.example.com/wp-admin/ and sign-in
2
Replace example.com with your own website’s URL
3
Now that you’re signed in and ready to administer your own site, go to Plugins > Add New and do a search for ‘wordfence’ without quotes
4
Click the “Install Now” link and Wordfence will be installed

When you decide to upgrade to the best WordPress Security out there, simply upgrade to Wordfence Premium.

Get the Easy Install Guide

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.