You are witnessing real-time attacks of WordPress websites, and seeing the Wordfence WordPress security plugin in action. We are only showing a mere Loading…% of the Loading… attacks happening per minute to keep your browser from slowing down. The map is continually updated as you watch.
Downloads to Date 11,627,225
The Wordfence WordPress security plugin continuously prevents, patrols and protects your WordPress websites against today’s ultra-advanced cyber attacks, hacks and online security threats.
To see more about what the Wordfence WordPress security plugin includes, activate one of our five defense categories, and then select a related featured below for even more information. Free, Premium and Customer Favorite features are clearly indicated.
Wordfence is not just a standalone plugin for WordPress. It is part of Feedjit Inc. and is powered by our cluster of high performance servers based at our data center in Seattle, Washington. Our premium remote scan capability connects to your server from ours to do an additional scan for possible infections.
Wordfence Premium users can increase their WordPress website protection by controlling scan frequency. You can schedule your scans as frequently as once every hour, every day. The free plugin is built to deliver one scan per day, pre-scheduled.
Wordfence will automatically scan your site once a day. To scan your site more frequently or control when Wordfence initiates a scan, you should upgrade to Wordfence Premium. Upgrading means that you can scan your WordPress site exactly when you want, selecting optimal times that don’t interfere with high-traffic or optimal usage of your site.
There are many places on WordPress sites for hackers to hide, but not with Wordfence. We maintain a cluster of high performance servers in our data center to assist with scanning your website. When Wordfence scans your site, it compares your core files, themes and plugins with what is in the WordPress.org repository and reports any changes to you.
This scan goes through all of your website posts and comments, new and old, by directly accessing your database, rather than doing a site crawl which is slower. The scan checks whether any posts or comments contain known dangerous URLs, linked to phishing or hosting malware.
Being blacklisted by Google is one of the worst things that can happen to your WordPress website. If Google detects any type of malware, SEO spam injection, redirect or other threat, they will immediately block access to your site. Wordfence continually scans all of your files, posts and comments for any malicious content or bad URLs that are listed as dangerous on the Google Safe Browsing list, so that your site stays clear.
Once Wordfence has checked your core, theme and plugin files, it checks for known malicious files on your WordPress installation by examining their hash signatures. Then Wordfence does a deep scan of every file in your entire WordPress base directory. This scan checks for data that is associated with malicious activity, like encoded backdoors and vulnerabilities.
Wordfence checks your DNS records for any potentially unwanted and unauthorized changes that could indicate a website hijacking. If your website domain name is suddenly pointed to a different IP address or if another more subtle change is made to your website DNS, we will alert you. An attacker could access your DNS administration system and point your website to their own IP address, thereby hijacking your site.
When your website URL is being used for spamvertising, it can severely impact your SEO rankings and email deliverability. Wordfence checks if your website URL has been flagged for spamvertising, indicating that your site may have been compromised or that you are emailing too aggressively.
Your legitimate customer emails can be caught in spam filters if another site on your shared IP address is generating a lot of spam. Use this feature to confirm that your site is running on a clean IP address, and that the shared IP you are using to host your website is not listed as a known source of spam email.
Monitor visits and hack attempts not shown in other analytics packages and see attempts in real time; including where in the world they’re coming from, their IP address, the time of day and time spent on your site.
If someone or something is generating many “page not found errors” or consuming content too aggressively, they’re likely up to no good. Block them with Wordfence, and make room for Google crawlers to work unhindered.
Content thieves are crawlers that steal your site content and hard-earned brand recognition by crawling your site for content and republishing it on their own website. Keep your content under control.
You will learn more about your visitors using the detailed information Wordfence provides about each visitor IP address. Using this information you can decide to let them into your site or block them.
Take your site security to the next level with “Two Factor Authentication” and secure your website investment. Used by banks, government agencies and military worldwide, Two Factor is one of the most secure forms of remote system authentication available.
Gain access to even more in depth support and additional features with Wordfence Premium. We are actively involved in WordPress forums and posting security updates on our Wordfence blog, but with Premium Support we are able to be even more responsive to security and plugin questions and requests.
Say goodbye to spam with Wordfence. The free version of Wordfence includes an excellent comment spam filter, and if you are a premium customer our advanced comment spam filter is automatically enabled which provides an additional layer of filtering. The advanced filter does an additional check on the source IP of inbound comments and any URLs that are included.
Running out of disk space has the potential to make your server unavailable. Some Denial of Service attacks actually force your website to run out of disk space. Wordfence monitors your available space and will alert you to a problem before it results in downtime.
It’s not just your password that protects your site but also the passwords of site admins, publishers and members. Everyone needs strong passwords. Wordfence enforces strong passwords across your site.
Strong passwords are crucial to the security of your site, and Wordfence ensures your passwords are strong by checking them against a database of common passwords and simulating a hack attempt using our password auditing GPU cluster. A Wordfence Password Audit simulates what a hacker would do if they stole your password database and launched an attack on it.
An IP address is the source address of a person or robot visiting your site, and clicking on it in Wordfence will show you all of the recent hits from that specific IP. Wordfence can show you an IP address’s location and the browser being used, so you can know who or what is visiting your site and where they are coming from.
Crawlers, scrapers and bots scan your site for vulnerabilities or steal your content by accessing it rapidly over a short period of time. Our Rate Limiting Firewall lets you limit how many pages visitors and automated crawlers can access per minute. Exceeding the limit results in their access being revoked and a triggered email being sent that explains the interruption in service.
Wordfence country blocking is designed to stop an attack, prevent content theft or end malicious activity that originates from a geographic region in less than 1/300,000th of a second. Blocking countries who are regularly creating failed logins, a large number of page not found errors and are clearly engaging in malicious activity is an effective way to protect your site during an attack.
We monitor who is trying to access your WordPress site and what they are trying to do, so you can protect what you have created from malicious users. If we detect that someone or something is scanning your site for vulnerabilities, we automatically block their IP address from accessing your WP site.
There are three ways that Wordfence prevents malicious actors from trying to hack your website. The first is IP blocking: if an IP is behaving maliciously, for example, trying to exploit a known vulnerability, Wordfence will block that IP from accessing your website. The second is locking out IP addresses from login: if a visitor tries to sign in and enters the incorrect password too many times, they are denied access to the login page. Thirdly, if an IP address i.e. a crawler or visitor is accessing your site too quickly, we temporarily ‘throttle’ their access to your website to prevent them consuming too many resources.
Quickly and efficiently dispatch site security threats by blocking entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching and IP ranges.
Not all crawlers are bad. You need Google crawlers because they index your website and ensure that you appear in Google’s search results — so it’s easy for people to find your WordPress site. Malicious crawlers have to go. They can steal content, take advantage of security vulnerabilities and slow your site down, harming your ranking on Google.
It takes just one look at the live login activity on your site to quickly realize how many failed login attempts you receive. Wordfence monitors these and will lock out any attempts to brute-force guess your WordPress password or WordPress usernames.
Wordfence uses our source code verification feature to tell you what has changed and help repair hacked files. Backed by our cloud servers (over a terabyte of data), Wordfence checks the integrity of your core files, theme files and plugin files against what is stored in the official WordPress repository. We maintain a record of every WordPress core, theme and plugin file ever released to the official repository to provide this feature.
|Choose Your Wordfence Plan||Premium $59 per year or less*||Free $0 per year|
|Check if Site is Spamvertized||⋆|
|Check if Site IP is Generating Spam||⋆|
|Cell Phone Sign In||⋆|
|Advanced Comment Spam Filter||⋆|
|Audit Existing Passwords||⋆|
|Scan Core, Theme & Plugin Files||✓||✓|
|Scan Content for Bad URLs||✓||✓|
|Scan for Known Malware||✓||✓|
|Scan for Hundreds of Backdoors||✓||✓|
|Scan for DNS Changes||✓||✓|
|Real-time Traffic Shows hackers||✓||✓|
|View Crawlers in Real-time||✓||✓|
|View Top Content Leeches||✓||✓|
|Get Detailed IP Info||✓||✓|
|Monitor Disk Space||✓||✓|
|Enforce Strong Passwords||✓||✓|
|Track IP Addresses||✓||✓|
|Rate Limit Rogue Crawlers||✓||✓|
|Manage Blocked IPs||✓||✓|
|Advanced Network Blocking||✓||✓|
|Block Fake Google Bots||✓||✓|
|Block Brute Force Attacks||✓||✓|
*The more Wordfence Premium license keys you buy, the more you save.
It's been a busy morning in WordPress security. Right after we released details of the attack platform we recently analyzed, WordPress released a security update in the form of 4.4.2....read moreVisit Blog
"Wordfence security plugin alerted me in an email that two of my blog plugins need updating. That's handy!"
@Elfbride, Publisher, Dallas Fort Worth, Texas
"121 attempts to hack the shesageek site in the last 10 minutes! So glad i installed wordfence security on the site."
@shesageeksta, Publisher, Sydney, Australia
"I have been using Wordfence Premium for over 6 months now and love it! It has protected my site from everything that I could ever think of. Thank you for your great software and being part of a open source community. Keep up the great work!!"
LilGeekShop.net, Online Store, Moultrie, GA
"The Wordfence plugin is impressively feature rich. A must-have for Wordpress security. Thanks to @SFoskett for bringing it to my attention!"
@JLivens, Director of Marketing, Iron Mountain
"I manage 80+ blog sites and Wordfence is on every one of them! Emails you when anything needs an update or any issue."
@BrianBasilico, Micro Blogger, Aurora, IL
"Do you use Wordpress? If so, I can highly recommend Wordfence Security. Saved me from a few issues so far."
@Love_London, Blogger, London, England
"Found @wordfence when I needed malicious cleanup help on one of my #Wordpress sites. Impressed!"
@bryanchalker, Consultant Web Designer, Atlanta, GA
"Wordfence is a good, free security plugin. Make sure it's activated!!"
@NorthCantonWC, WordCamp, North Canton, Ohio
Broaden your WordPress security skills with resources for all learning levels.Articles, Videos, Checklists, Surveys, Infographics and more.Get Started
You can install the Wordfence WordPress security plugin with these four best-practice steps:
When you decide to upgrade to the best WordPress Security out there, simply upgrade to Wordfence Premium.Get the Easy Install Guide