Wordfence is the flagship product of Defiant Inc. Millions of WordPress site owners rely on Wordfence to protect their websites, their customer data and their investment. Install Wordfence today and lock down your WordPress site in minutes.


Our Story

Wordfence is incorporated as Defiant, Inc., a Delaware company. We are a small team that is passionate about software engineering and delivering excellent customer service. Wordfence has been downloaded over 180 million times, and is consistently one of the top plugins for WordPress on WordPress.org. The Wordfence WordPress Security plugin protects over 4 million active WordPress websites.

Explore Defiant

Notable Research Coverage

WordPress: Bugs Detected in Ninja Forms Plugin, 1M Sites Affected

Search Engine Journal

Matt Southern

February 21, 2021

WordPress plugin exploit puts more than one million sites at risk


Barclay Ballard

February 18, 2021

Ninja Forms WordPress Plugin Bug Opens Websites to Hacks


Tara Seals

February 17, 2021

Critical WordPress Plugin Flaw Allows Site Takeover


Lindsey O'Donnell

February 8, 2021

Critical vulnerability fixed in WordPress plugin with 800K installs

Bleeping Computer

Sergiu Gatlan

February 8, 2021

General Business Inquiries

Do you have a press inquiry or want to ask about partnerships, a feature or idea or other general business inquiries?

Let's Talk

Check Out The Latest From Our Blog

Episode 107: Two Plugin Vulnerabilities Target File Upload Capabilities

March 05, 2021

Ram Gall

The Wordfence Threat intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new robots.txt API, and a stay of execution on jQuery-migrate. A zero day affecting Microsoft Exchange …
Read More

Critical Vulnerability Patched in WooCommerce Upload Files

March 04, 2021

Ram Gall

On December 29, 2020, the Wordfence Threat Intelligence team was alerted to a potential 0-day vulnerability in the WooCommerce Upload Files plugin, an add-on for WooCommerce with over 5,000 installations. Please note that this is a separate plugin from the main WooCommerce plugin and is designed as an add-on to that plugin. After confirming the …
Read More

Medium Severity Vulnerability Patched in User Profile Picture Plugin

March 03, 2021

Chloe Chamberland

On February 15, 2021, our Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in User Profile Picture, a WordPress plugin installed on over 60,000 sites. The vulnerability made it possible for authenticated users with the upload_files capability to obtain sensitive user information. We initially reached out to Cozmoslabs, the …
Read More

Episode 106: Admin Password Resets, Blockchain Botnets and a Central Management RCE

February 26, 2021

Ram Gall

WordPress 5.7 is due to be released on March 9, and it will allow administrators to send password reset emails to users. A botnet is abusing the Bitcoin blockchain for command and control, while VMWare fixes a critical remote code execution bug in all default vCenter installations. Android users now have an easy way to …
Read More

Episode 105: The Hottest Trend in WordPress

February 19, 2021

Kathy Zant

An analysis of WordPress-related search trends found that interest in WooCommerce related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated themes and plugins are prohibited on the repository. And a supply chain attack affects users …
Read More

One Million Sites Affected: Four Severe Vulnerabilities Patched in Ninja Forms

February 16, 2021

Chloe Chamberland

On January 20, 2021, our Threat Intelligence team responsibly disclosed four vulnerabilities in Ninja Forms, a WordPress plugin used by over one million sites. One of these flaws made it possible for attackers to redirect site administrators to arbitrary locations. The second flaw made it possible for attackers with subscriber level access or above to …
Read More

View More Blog Posts