Enterprise-class Security
for All WordPress Users
You care about what you build.
Protect your websites with Wordfence.

Watch Our Video 📹

You’re watching Wordfence protect WordPress Sites in Real-Time

  • Origin Point
  • Not Suspicious Yet
  • Blocked By Wordfence

You are witnessing real-time attacks of WordPress websites, and seeing the Wordfence WordPress security plugin in action. We are only showing a mere Loading…% of the Loading… attacks happening per minute to keep your browser from slowing down. The map is continually updated as you watch.

Downloads to Date 8,494,612

Wordfence is the most downloaded WordPress security plugin for WordPress websites

The Wordfence WordPress security plugin continuously prevents, patrols and protects your WordPress websites against today’s ultra-advanced cyber attacks, hacks and online security threats.

To see more about what the Wordfence WordPress security plugin includes, activate one of our five defense categories, and then select a related featured below for even more information. Free, Premium and Customer Favorite features are clearly indicated.

Premium Plan Feature
Customer Favorite
Remote WordPress Security Scans
Remote Scans
Remote WordPress Security Scans

Remote Scans

Premium Plan Feature

Premium members get deeper scan coverage

Wordfence is not just a standalone plugin for WordPress. It is part of Feedjit Inc. and is powered by our cluster of high performance servers based at our data center in Seattle, Washington. Our premium remote scan capability connects to your server from ours to do an additional scan for possible infections.

Wordfence remote servers protect your site:

  • Our high-performance servers allow us to do additional, comprehensive scans for our premium users
  • When we detect that files have changed, we can show you the changes and give you the option to repair and/or remove any infected files
  • You can repair files, even if you don’t have a backup of that file
Frequent WordPress Security Scans
Frequent Scans
Frequent WordPress Security Scans

Frequent Scans

Premium Plan Feature

Take your WordPress site protection to another level with more frequent scans

Wordfence Premium users can increase their WordPress website protection by controlling scan frequency. You can schedule your scans as frequently as once every hour, every day. The free plugin is built to deliver one scan per day, pre-scheduled.

Wordfence frequent scans look for:

  • Known backdoors, code injections and malware in your files and database
  • Signatures of over 44,000 known malware variants
  • Malware and phishing URL’s in comments, posts and files
  • Please also note, as a Wordfence Premium user you’ll get additional scan coverage and have advanced comment and spam options
Scheduled WordPress Security Scans
Scheduled Scans
Scheduled WordPress Security Scans

Scheduled Scans

Premium Plan Feature

Schedule your scans when you want them

Wordfence will automatically scan your site once a day. To scan your site more frequently or control when Wordfence initiates a scan, you should upgrade to Wordfence Premium. Upgrading means that you can scan your WordPress site exactly when you want, selecting optimal times that don’t interfere with high-traffic or optimal usage of your site.

Wordfence allows you to schedule the time of your scan:

  • Schedule your site scans when website traffic is low
  • You can increase your scanning frequency when you feel there may be a threat
  • If you have multiple instances of WordPress and Wordfence, you can stagger scanning schedules for optimal performance
Scan Core, Theme & Plugin Files
Scan Core, Theme & Plugin Files
Scan Core, Theme & Plugin Files

Scan Core, Theme & Plugin Files

Customer Favorite

Detects malware hiding in core, theme and plugin files

There are many places on WordPress sites for hackers to hide, but not with Wordfence. We maintain a cluster of high performance servers in our data center to assist with scanning your website. When Wordfence scans your site, it compares your core files, themes and plugins with what is in the WordPress.org repository and reports any changes to you.

Wordfence leaves no corner of your WordPress site untended by:

  • Scanning core files, themes and plugins against WordPress.org repository versions to check their integrity
  • Scanning core files, themes and plugins for malware, code injections and backdoors
  • Notifying you of any changed files that an attacker may have damaged, even giving the option to remove malicious files or revert to the original file
Scan Content for Bad URLs
Scan Content for Bad URLs
Scan Content for Bad URLs

Scan Content for Bad URLs

It may be safe today, but that same URL can be dangerous tomorrow

This scan goes through all of your website posts and comments, new and old, by directly accessing your database, rather than doing a site crawl which is slower. The scan checks whether any posts or comments contain known dangerous URLs, linked to phishing or hosting malware.

Wordfence protects the integrity of your site by:

  • Checking URLs against Google’s safe browsing list
  • Scanning new and old posts and comments, because the list of known dangerous URLs is constantly changing
  • Finding old URLs that are no longer safe, so you can remove them and avoid a search penalty in Google
  • Preventing your site from acting as an intermediary in the distribution of malware
Scan for Known Malware
Scan for Known Malware
Scan for Known Malware

Scan for Known Malware

Customer Favorite

Keep your WordPress website on Google’s good side

Being blacklisted by Google is one of the worst things that can happen to your WordPress website. If Google detects any type of malware, SEO spam injection, redirect or other threat, they will immediately block access to your site. Wordfence continually scans all of your files, posts and comments for any malicious content or bad URLs that are listed as dangerous on the Google Safe Browsing list, so that your site stays clear.

Wordfence keeps your site from being Google blacklisted by:

  • Checking your files, posts and comments for any URLs listed as dangerous on the Google Safe-Browsing list
  • Scanning your files looking for potentially unwanted changes that could indicate malware
  • Scanning your files and database for known malware threats
  • Alerting you when updates to your system are needed, so you can keep your system on the latest version, therefore increasing your security posture
Scan for Hundreds of Backdoors
Scan for Hundreds of Backdoors
Scan for Hundreds of Backdoors

Scan for Hundreds of Backdoors

Customer Favorite

Slam backdoors — detect an attackers upload as they try to compromise a site

Once Wordfence has checked your core, theme and plugin files, it checks for known malicious files on your WordPress installation by examining their hash signatures. Then Wordfence does a deep scan of every file in your entire WordPress base directory. This scan checks for data that is associated with malicious activity, like encoded backdoors and vulnerabilities.

Wordfence protects your site from attackers by eliminating backdoors:

  • It checks for malicious files and changes by examining hash signatures
  • Provides deep scanning of every file in your WP base directory (for Premium users)
  • Looks for code changes associated with malicious activity
  • Looks for additional files that may not be a legitimate part of your WordPress installation
Scan for DNS Changes
Scan for DNS Changes
Scan for DNS Changes

Scan for DNS Changes

Consider changes in your DNS an early warning sign

Wordfence checks your DNS records for any potentially unwanted and unauthorized changes that could indicate a website hijacking. If your website domain name is suddenly pointed to a different IP address or if another more subtle change is made to your website DNS, we will alert you. An attacker could access your DNS administration system and point your website to their own IP address, thereby hijacking your site.

When Wordfence monitors your DNS for changes:

  • We look for your DNS records being pointed to different IP addresses
  • Detect more subtle changes indicating that your administration system has been hacked
  • We notify you of any change that may require your action
Check if Site is Spamvertized
Check if Site is Spamvertized
Check if Site is Spamvertized

Check if Site is Spamvertized

Premium Plan Feature
Customer Favorite

More than a pain, spam is destructive

When your website URL is being used for spamvertising, it can severely impact your SEO rankings and email deliverability. Wordfence checks if your website URL has been flagged for spamvertising, indicating that your site may have been compromised or that you are emailing too aggressively.

Wordfence prevents your site from becoming a venue for spamvertizing by:

  • Protecting your site from being hacked, which prevents spammers from using your URL in spam emails
  • Checking if your site domain name has been flagged as a source of spam, which may indicate that your site has been hacked, or you are being flagged as a spammer for another reason
Check if Site IP is Generating Spam
Check if Site IP is Generating Spam
Check if Site IP is Generating Spam

Check if Site IP is Generating Spam

Premium Plan Feature
Customer Favorite

Feeling ignored? Your emails might be trapped

Your legitimate customer emails can be caught in spam filters if another site on your shared IP address is generating a lot of spam. Use this feature to confirm that your site is running on a clean IP address, and that the shared IP you are using to host your website is not listed as a known source of spam email.

Wordfence prevents your IP from generating spam by:

  • Checking your IP address reputation with reputation providers like Spamhaus
  • Protecting your own website which prevents your site from being used to send spam email
  • Alerting you to file changes that don’t match the official WordPress repository, which may indicate a script installed that generates spam
Real-time Traffic Shows hackers
Real-time Traffic Shows hackers
Real-time Traffic Shows hackers

Real-time Traffic Shows hackers

Watch hackers trying to break into your site right now

Monitor visits and hack attempts not shown in other analytics packages and see attempts in real time; including where in the world they’re coming from, their IP address, the time of day and time spent on your site.

Wordfence monitoring in real time means you’ll see:

  • Traffic from robots, humans, Google crawlers and 404 errors
  • Traffic not shown by Google Analytics and other Javascript loggers
  • Logins, logouts and who is consuming the most content
  • Security threats and exploit attempts in real-time
  • Visitor location at the city level and visitor hostname
View Crawlers in Real-time
View Crawlers in Real-time
View Crawlers in Real-time

View Crawlers in Real-time

Blog rogue crawlers in real-time. Save bandwidth, protect content

If someone or something is generating many “page not found errors” or consuming content too aggressively, they’re likely up to no good. Block them with Wordfence, and make room for Google crawlers to work unhindered.

Wordfence is your ally in crawler control, because it:

  • Separates pageviews generated by humans from those generated by crawlers
  • Immediately blocks fake Google crawlers and malicious or overly aggressive crawlers
  • Helps enhance SEO by logging how often and when Google crawlers access your site
View Top Content Leeches
View Top Content Leeches
View Top Content Leeches

View Top Content Leeches

Protect your intellectual property from content thieves

Content thieves are crawlers that steal your site content and hard-earned brand recognition by crawling your site for content and republishing it on their own website. Keep your content under control.

Wordfence keeps content thieves off your site, so that:

  • You aren’t competing with a content thief for SEO ranking
  • You aren’t hit with a duplicate content penalty
  • Your server resources and bandwidth isn’t consumed by aggressive crawling
Get Detailed IP Info
Get Detailed IP Info
Get Detailed IP Info

Get Detailed IP Info

Someone’s knocking, but who’s there?

You will learn more about your visitors using the detailed information Wordfence provides about each visitor IP address. Using this information you can decide to let them into your site or block them.

Wordfence lets you view detailed IP address information like:

  • Visitor location down to the city level
  • Who the visitor’s Internet Service Provider is
  • History for each IP address showing which pages they have visited
  • Which network an IP address belongs to using our “whois” lookup feature
  • What network an entire IP address belongs to and how to block it
Cell Phone Sign In
Cell Phone Sign In
Cell Phone Sign In

Cell Phone Sign In

Premium Plan Feature

The most effective way to stop brute force attacks permanently

Take your site security to the next level with “Two Factor Authentication” and secure your website investment. Used by banks, government agencies and military worldwide, Two Factor is one of the most secure forms of remote system authentication available.

Wordfence Cell Phone Sign-in is secure because:

  • It relies on something you know (your password) and something you have (your cellphone). Two factors
  • It prevents simple password guessing attacks because they don’t have your cellphone to pass the second phase of authentication
  • An attacker needs to know your password before you will receive an SMS, protecting you from being inundated with SMS’s during a brute force attack
Premium Support
Premium Support
Premium Support

Premium Support

Premium Plan Feature

We are WP security experts, and we are ready to help you

Gain access to even more in depth support and additional features with Wordfence Premium. We are actively involved in WordPress forums and posting security updates on our Wordfence blog, but with Premium Support we are able to be even more responsive to security and plugin questions and requests.

Wordfence Premium offers these additional features:

  • Remote, frequent and scheduled scans
  • Spamvertising and site IP spam generation audits
  • Advanced content spam filter
  • Cell phone sign in
  • Country blocking
Advanced Comment Spam Filter
Advanced Comment Spam Filter
Advanced Comment Spam Filter

Advanced Comment Spam Filter

Premium Plan Feature

Block spam comments more effectively

Say goodbye to spam with Wordfence. The free version of Wordfence includes an excellent comment spam filter, and if you are a premium customer our advanced comment spam filter is automatically enabled which provides an additional layer of filtering. The advanced filter does an additional check on the source IP of inbound comments and any URLs that are included.

Wordfence reduces spam that is known to slip through traditional filters by:

  • Using advanced heuristics to identify spam comments, like URLs, source IP, and content
  • Using aggregated data to identify comment spammers
  • Giving you the flexibility to change your filter settings
Monitor Disk Space
Monitor Disk Space
Monitor Disk Space

Monitor Disk Space

Out of server disk space? You’ll know before it happens

Running out of disk space has the potential to make your server unavailable. Some Denial of Service attacks actually force your website to run out of disk space. Wordfence monitors your available space and will alert you to a problem before it results in downtime.

Wordfence prevents your site running out of disk space by:

  • Constantly monitoring disk space for your site
  • Sending an email alert before disk space reaches critical levels
Enforce Strong Passwords
Enforce Strong Passwords
Enforce Strong Passwords

Enforce Strong Passwords

Weak passwords are like a welcome mat for prowling hackers

It’s not just your password that protects your site but also the passwords of site admins, publishers and members. Everyone needs strong passwords. Wordfence enforces strong passwords across your site.

Wordfence ensures passwords are strong by:

  • Enforcing a strong password policy across your website
  • Warns you or your site members if they are using a weak password
Audit Existing Passwords
Audit Existing Passwords
Audit Existing Passwords

Audit Existing Passwords

Premium Plan Feature

Easily crackable passwords lead to larger problems

Strong passwords are crucial to the security of your site, and Wordfence ensures your passwords are strong by checking them against a database of common passwords and simulating a hack attempt using our password auditing GPU cluster. A Wordfence Password Audit simulates what a hacker would do if they stole your password database and launched an attack on it.

Wordfence completes the password audit, so you can:

  • Know which user accounts are using passwords known in the hacker community through previously hacked websites
  • Know which accounts are using easily crackable passwords
  • Email admins, publishers and members their new passwords if they are using a weak password
  • Alternatively, send admins, publishers and members a request to update their passwords themselves if they are using a weak password
Track IP Addresses
Track IP Addresses
Track IP Addresses

Track IP Addresses

We know where they’re coming from and what they are

An IP address is the source address of a person or robot visiting your site, and clicking on it in Wordfence will show you all of the recent hits from that specific IP. Wordfence can show you an IP address’s location and the browser being used, so you can know who or what is visiting your site and where they are coming from.

Wordfence lets you view detailed IP address information like:

  • Which city they are visiting from
  • What time, independent of time zone
  • How much time visitors spend on your site
  • Which pages they view
  • Who their Internet Service Provider is
  • Which network they belong to
Rate Limit Rogue Crawlers
Rate Limit Rogue Crawlers
Rate Limit Rogue Crawlers

Rate Limit Rogue Crawlers

Stop aggressive crawlers from consuming your content and resources

Crawlers, scrapers and bots scan your site for vulnerabilities or steal your content by accessing it rapidly over a short period of time. Our Rate Limiting Firewall lets you limit how many pages visitors and automated crawlers can access per minute. Exceeding the limit results in their access being revoked and a triggered email being sent that explains the interruption in service.

Wordfence rate limits rogue crawlers by:

  • Limiting the number of requests from a specific IP address per minute
  • Throttling a visitor once they have exceeded the limit per minute
  • Allowing you to define the request per minute limit to suit your level of security
  • Protecting Googlebot from being blocked and ensuring your SEO remains healthy
Country Blocking
Country Blocking
Country Blocking

Country Blocking

Premium Plan Feature

Put geographic protection in place

Wordfence country blocking is designed to stop an attack, prevent content theft or end malicious activity that originates from a geographic region in less than 1/300,000th of a second. Blocking countries who are regularly creating failed logins, a large number of page not found errors and are clearly engaging in malicious activity is an effective way to protect your site during an attack.

Wordfence Country Blocking gives you these options to protect your WP site:

  • Block access to your login form
  • Block access to the rest of your WordPress site
  • Access to a continually updated database of country to IP mappings
  • You’ll find even more options in Advanced Blocking
Block IPs
Block IPs
Block IPs

Block IPs

Customer Favorite

Block the bad guys

We monitor who is trying to access your WordPress site and what they are trying to do, so you can protect what you have created from malicious users. If we detect that someone or something is scanning your site for vulnerabilities, we automatically block their IP address from accessing your WP site.

Wordfence automatically blocks IP addresses of these types of visitors:

  • Fake Google crawlers
  • Anyone trying to access your site too quickly
  • Anyone generating page not found errors too quickly
Manage Blocked IPs
Manage Blocked IPs
Manage Blocked IPs

Manage Blocked IPs

Customer Favorite

You have denied access to an unwanted user. Now what?

There are three ways that Wordfence prevents malicious actors from trying to hack your website. The first is IP blocking: if an IP is behaving maliciously, for example, trying to exploit a known vulnerability, Wordfence will block that IP from accessing your website. The second is locking out IP addresses from login: if a visitor tries to sign in and enters the incorrect password too many times, they are denied access to the login page. Thirdly, if an IP address i.e. a crawler or visitor is accessing your site too quickly, we temporarily ‘throttle’ their access to your website to prevent them consuming too many resources.

Wordfence limits access to your site in three ways:

  • Malicious IP addresses are blocked outright
  • Brute force hacking attempts (password guessing) are locked out from login
  • Aggressive crawlers, content thieves and anyone else accessing your site too quickly are temporarily ‘throttled’ by having their access limited
Advanced Network Blocking
Advanced Network Blocking
Advanced Network Blocking

Advanced Network Blocking

Block networks, browser patterns and IP ranges with fine granularity

Quickly and efficiently dispatch site security threats by blocking entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching and IP ranges.

Wordfence helps you intelligently block WordPress website threats by giving you the ability to:

  • Block ranges of IP addresses (Think of these as networks)
  • Specific web browsers and web browser patterns
  • Referring websites
  • Any combination of the above
Block Fake Google Bots
Block Fake Google Bots
Block Fake Google Bots

Block Fake Google Bots

Will the Real Googlebot Please Stand Up

Not all crawlers are bad. You need Google crawlers because they index your website and ensure that you appear in Google’s search results — so it’s easy for people to find your WordPress site. Malicious crawlers have to go. They can steal content, take advantage of security vulnerabilities and slow your site down, harming your ranking on Google.

Wordfence can protect your site from fake Google Bots by:

  • Doing a reverse lookup on the crawler IP address to verify it is Google
  • Immediately blocking fake Google Crawlers and letting the real Google through
Block Brute Force Attacks
Block Brute Force Attacks
Block Brute Force Attacks

Block Brute Force Attacks

Customer Favorite

Stop brute force attacks

It takes just one look at the live login activity on your site to quickly realize how many failed login attempts you receive. Wordfence monitors these and will lock out any attempts to brute-force guess your WordPress password or WordPress usernames.

Wordfence prevents Brute Force Attacks by:

  • Locking out users after too many login failures
  • Locking out users after using the “forgot password” form too many times
  • Optionally locking out anyone who uses an invalid username
  • Preventing WordPress from giving hackers information about what usernames may exist on your system
  • Enforcing Cell Phone Sign-in (Two Factor Authentication) with Wordfence Premium
Repair Files
Repair Files
Repair Files

Repair Files

Customer Favorite

Don’t just find corrupted files. See the changes and repair them

Wordfence uses our source code verification feature to tell you what has changed and help repair hacked files. Backed by our cloud servers (over a terabyte of data), Wordfence checks the integrity of your core files, theme files and plugin files against what is stored in the official WordPress repository. We maintain a record of every WordPress core, theme and plugin file ever released to the official repository to provide this feature.

After Wordfence has alerted you to file changes, you can:

  • See how files have changed, something only Wordfence does
  • Download the original file to compare original to current
  • View and repair the file by overwriting with a pristine, original version
See how the features compare by plan - free vs Wordfence Premium Compare Our Plans

The best WordPress security for less than the cost of a single latte

The most you will pay is $3.25 per month and we have discounts of up to 90% for multiyear, multi-license packages.

WordPress security needs change quickly. Get the latest defense thinking from our blog

Commuting Kills

Every year we lose up to 10% of our electricity purely due to resistance during transmission. If you've ever wondered why a room-temperature superconductor is sought after, this is why. Thinking about superconductivity reminded me of the problem I have with companies who don't allow telecommuting. The way I see it, remote-workers are like work-place superconductivity: Brain power and productivity arrive instantly where they're needed with zero transmission cost....read more

Visit Blog

Our biggest fans are you

"Do you use Wordpress? If so, I can highly recommend Wordfence Security. Saved me from a few issues so far."

@Love_London, Blogger, London, England

"I have been using Wordfence Premium for over 6 months now and love it! It has protected my site from everything that I could ever think of. Thank you for your great software and being part of a open source community. Keep up the great work!!"

LilGeekShop.net, Online Store, Moultrie, GA

"121 attempts to hack the shesageek site in the last 10 minutes!  So glad i installed wordfence security on the site."

@shesageeksta, Publisher, Sydney, Australia

"I manage 80+ blog sites and Wordfence is on every one of them!  Emails you when anything needs an update or any issue."

@BrianBasilico, Micro Blogger, Aurora, IL

"Wordfence security plugin alerted me in an email that two of my blog plugins need updating. That's handy!"

@Elfbride, Publisher, Dallas Fort Worth, Texas

"Wordfence is a good, free security plugin. Make sure it's activated!!"

@NorthCantonWC, WordCamp, North Canton, Ohio

"Found @wordfence when I needed malicious cleanup help on one of my #Wordpress sites. Impressed!"

@bryanchalker, Consultant Web Designer, Atlanta, GA

"The Wordfence plugin is impressively feature rich. A must-have for Wordpress security. Thanks to @SFoskett for bringing it to my attention!"

@JLivens, Director of Marketing, Iron Mountain

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.

Protect your WordPress website with Wordfence. Install now.

You can install the Wordfence WordPress security plugin with these four best-practice steps:

1
Sign into your own WordPress website. You’ll usually go to something like www.example.com/wp-admin/ and sign-in
2
Replace example.com with your own website’s URL
3
Now that you’re signed in and ready to administer your own site, go to Plugins > Add New and do a search for ‘wordfence’ without quotes
4
Click the “Install Now” link and Wordfence will be installed

When you decide to upgrade to the best WordPress Security out there, simply upgrade to Wordfence Premium.

Get the Easy Install Guide