Wordfence is a global team of WordPress security analysts, threat researchers, software engineers, and support staff. We are the leaders in our field, and we focus exclusively on securing WordPress websites, and on WordPress security research. We provide 24-hour service, 365 days a year for mission-critical websites, with a 1 hour response time via Wordfence Response. To learn more about our products, check out our Product Comparison Page.
Wordfence leads the industry in login security controls, including brute force protection, XMLRPC protection, reCAPTCHA to block automated attacks, and IP access control.
Centralized security events and template-based security configuration management, 100% free. Our customers constantly tell us that Wordfence Central is too good to be true. Even users of the free version of Wordfence get full access to Wordfence Central at no cost.
Wordfence Care and Response customers receive hands-on support to install, configure, and optimize Wordfence along with continuous security monitoring from our team. Wordfence Response customers get 24/7 support and monitoring with a 1-hour response time.
Two-factor authentication or 2FA has become a standard requirement for any secure service. Wordfence provides robust 2FA for your admins and users using secure open standards.
Wordfence maintains the largest WordPress-specific malware database in the world. Using this intelligence trove, we produce malware signatures to block intrusion attempts, detect malicious activity, and provide robust security for your WordPress site.
The Wordfence Threat Intelligence Team continuously discovers new vulnerabilities in WordPress core, plugins, and themes. We immediately release new firewall rules that protect against these vulnerabilities, which are deployed in real-time to our paid customers providing the best available intrusion prevention for WordPress.
Our unique data is what makes Wordfence so effective. Premium, Care, and Response customers receive real-time updates to protection and detection rules.
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference, Cross-Site Request Forgery as well as Cross-Site Scripting in versions up to, and …
Read More
Today, the Wordfence Threat Intelligence team is releasing our 2022 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising …
Read More
On January 19th, 2023, a member of the Wordfence Threat Intelligence team received an email from their personal blog, claiming the site had been hacked, and we received two reports from Wordfence users who received the same message. The email claimed that the site had been hacked due to a vulnerability on the site. The …
Read More
Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely …
Read More
On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations. The plugin developers responded on December 26, and we sent over the full disclosure that day. We released a firewall rule protecting against these …
Read More
The Wordfence Threat Intelligence team has been tracking exploits targeting a Critical Severity Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium, a plugin with over 50,000 installations according to the vendor. The vulnerability, reported by security researcher Dave Jong and publicly disclosed on November 22, 2022, impacts plugin versions up to and including …
Read More
Receive WordPress security news before publication.