Wordfence is the flagship product of Defiant Inc. Millions of WordPress site owners rely on Wordfence to protect their websites, their customer data and their investment. Install Wordfence today and lock down your WordPress site in minutes.

Defiant

Our Story

Wordfence is incorporated as Defiant, Inc., a Delaware company. We are a small team that is passionate about software engineering and delivering excellent customer service. Wordfence has been downloaded over 150 million times, and is consistently one of the top plugins for WordPress on WordPress.org. The Wordfence WordPress Security plugin protects over 3 million active WordPress websites.

Explore Defiant

Notable Research Coverage

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Threatpost

Tara Seals

October 5, 2020

Hackers are fighting a war over 300K vulnerable WordPress sites

Bleeping Computer

Sergiu Gatlan

September 10, 2020

Critical Flaws in WordPress Quiz Plugin Allow Site Takeover

Threatpost

Lindsey O'Donnell

August 14, 2020

Hidden WordPress 5.5 Feature Blocks Rogue Plugins

Search Engine Journal

Roger Montti

August 13, 2020

Divi WordPress Theme Vulnerability

Search Engine Journal

Roger Montti

August 6, 2020

Facebook plugin bug lets hackers hijack WordPress sites’ chat

Bleeping Computer

Sergiu Gatlan

August 4, 2020

Newsletter plugin bugs let hackers inject backdoors on 300K sites

Bleeping Computer

Sergiu Gatlan

August 3, 2020

General Business Inquiries

Do you have a press inquiry or want to ask about partnerships, a feature or idea or other general business inquiries?

Let's Talk

Check Out The Latest From Our Blog

Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress

October 17, 2020

Kathy Zant

On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform. With WordPress …
Read More

High Severity Vulnerability Patched in Child Theme Creator by Orbisius

October 14, 2020

Chloe Chamberland

On September 9, 2020, our Threat Intelligence team discovered a vulnerability in Child Theme Creator by Orbisius, a WordPress plugin installed on over 30,000 sites. This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an …
Read More

Episode 90: WPBakery Plugin Vulnerability Exposes Over 4 Million Sites

October 09, 2020

Scott Miller

A vulnerability discovered by the Wordfence Threat Intelligence team in the WPBakery plugin exposes over 4 million sites. High severity vulnerabilities were discovered in the Post Grid and Team Showcase plugins. The online avatar service Gravatar, has been exposed to a user enumeration technique, which could be abused to collect data on its users’ profiles, …
Read More

Vulnerability Exposes Over 4 Million Sites Using WPBakery

October 07, 2020

Chloe Chamberland

On July 27th, our Threat Intelligence team discovered a vulnerability in WPBakery, a WordPress plugin installed on over 4.3 million sites. This flaw made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript in posts. We initially reached out to the plugin’s team on July 28, 2020 through their support …
Read More

High Severity Vulnerabilities in Post Grid and Team Showcase Plugins

October 05, 2020

Ram Gall

On September 14, 2020, our Threat Intelligence team discovered two high severity vulnerabilities in Post Grid, a WordPress plugin with over 60,000 installations. While investigating one of these vulnerabilities, we discovered that almost identical vulnerabilities were also present in Team Showcase, a separate plugin by the same author with over 6,000 installations. We initially reached …
Read More

Episode 89: Shopify Rogue Employees, Medium and Twitter Vulnerabilities, and Hackers Hiding Out in Corporate Networks

October 02, 2020

Scott Miller

Shopify reports that two rogue employees stole data from 200 merchants on their platform. A security researcher found a vulnerability in the Medium Partner Program could have allowed an attacker to steal writers’ earnings. Symantec reports that a state-sponsored hacking group has been hiding out in company networks as a part of an information-stealing campaign. …
Read More

View More Blog Posts