Wordfence is a global team of WordPress security analysts, threat researchers, software engineers, and support staff. We are the leaders in our field, and we focus exclusively on securing WordPress websites, and on WordPress security research. We provide 24-hour service, 365 days a year for mission-critical websites, with a 1 hour response time via Wordfence Response. To learn more about our products, check out our Product Comparison Page.
Wordfence leads the industry in login security controls, including brute force protection, XMLRPC protection, reCAPTCHA to block automated attacks, and IP access control.
Centralized security events and template-based security configuration management, 100% free. Our customers constantly tell us that Wordfence Central is too good to be true. Even users of the free version of Wordfence get full access to Wordfence Central at no cost.
Wordfence Care and Response customers receive hands-on support to install, configure, and optimize Wordfence along with continuous security monitoring from our team. Wordfence Response customers get 24/7 support and monitoring with a 1-hour response time.
Two-factor authentication or 2FA has become a standard requirement for any secure service. Wordfence provides robust 2FA for your admins and users using secure open standards.
Wordfence maintains the largest WordPress-specific malware database in the world. Using this intelligence trove, we produce malware signatures to block intrusion attempts, detect malicious activity, and provide robust security for your WordPress site.
The Wordfence Threat Intelligence Team continuously discovers new vulnerabilities in WordPress core, plugins, and themes. We immediately release new firewall rules that protect against these vulnerabilities, which are deployed in real-time to our paid customers providing the best available intrusion prevention for WordPress.
Our unique data is what makes Wordfence so effective. Premium, Care, and Response customers receive real-time updates to protection and detection rules.
The Russian invasion of Ukraine began on February 20, 2022. By mid-March it was clear the cyber-war had begun, and the attacks have been consistent ever since. Prior to this, on March 1, 2022, Wordfence reported on an attack campaign on Ukrainian university websites. In response, we deployed our real-time threat intelligence to all sites …
Read More
Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: We receive attack reports from our customers at a rate of over 700 reports per …
Read More
On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a WordPress plugin installed on over 30,000 sites. This vulnerability made it possible for attackers to modify some of the plugin’s more advanced settings via a forged request. …
Read More
On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated attacker to delete arbitrary files hosted on the server, provided they have access to create …
Read More
The Log4j vulnerability, initially reported in November 2021, has affected millions of devices and applications around the world. It has the potential to allow a malicious actor to take full control of vulnerable devices. As a result of how Log4j controls the logging of strings and code, the vulnerability allows malicious actors to inject malicious …
Read More
The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been previously disclosed and has not been patched on the now closed plugin. As the …
Read More
Receive WordPress security news before publication.