Wordfence is the flagship product of Defiant Inc. Millions of WordPress site owners rely on Wordfence to protect their websites, their customer data and their investment. Install Wordfence today and lock down your WordPress site in minutes.


Our Story

Wordfence is incorporated as Defiant, Inc., a Delaware company. We are a small team that is passionate about software engineering and delivering excellent customer service. Wordfence has been downloaded over 200 million times, and is consistently one of the top plugins for WordPress on WordPress.org. The Wordfence WordPress Security plugin protects over 4 million active WordPress websites.

Explore Defiant

Notable Research Coverage

WordPress 5.7.2 Patches a Critical Vulnerability

Search Engine Journal

Roger Montti

May 13, 2021

General Business Inquiries

Do you have a press inquiry or want to ask about partnerships, a feature or idea or other general business inquiries?

Let's Talk

Check Out The Latest From Our Blog

Nulled WordPress Plugins – Dangers and Downsides

July 21, 2021

Ram Gall

In our 2020 Threat Report, the Wordfence Threat Intelligence Team identified malware distributed via nulled, pirated, or counterfeit plugins and themes as one of the largest threats facing the WordPress ecosystem. Many site owners are unaware of the risks associated with using nulled plugins, and in many cases, they may not even be aware that …
Read More

Episode 125: Critical SQL Injection Vulnerability Patched in WooCommerce

July 16, 2021

Ram Gall

A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil ransomware gang targeted a zero-day vulnerability in Kaseya, used by many in the banking industry, …
Read More

Critical SQL Injection Vulnerability Patched in WooCommerce

July 15, 2021

Ram Gall

Update: The article originally credited Tommy DeVoss (dawgyg) for the discovery. We’ve since been contacted by Tommy, who let us know that the credit should go to another researcher, Josh from DOS (Development Operations Security) On July 14, 2021, WooCommerce released an emergency patch for a SQL Injection vulnerability reported by a security researcher, Josh …
Read More

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

July 13, 2021

Chloe Chamberland

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins available outside of the repository, along with …
Read More

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

July 02, 2021

Kathy Zant

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost user records was found online. Google Chrome is getting a HTTPS-only feature in an upcoming …
Read More

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin

June 28, 2021

Chloe Chamberland

On May 27, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities that were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites. These flaws made it possible for an attacker to upload arbitrary files to a vulnerable site and register as an administrator …
Read More

View More Blog Posts