Wordfence is the flagship product of Defiant Inc. Millions of WordPress site owners rely on Wordfence to protect their websites, their customer data and their investment. Install Wordfence today and lock down your WordPress site in minutes.

Defiant

Our Story

Wordfence is incorporated as Defiant, Inc., a Delaware company. We are a small team that is passionate about software engineering and delivering excellent customer service. Wordfence has been downloaded over 90 million times, and is consistently one of the top plugins for WordPress on WordPress.org. The Wordfence WordPress Security plugin protects over 2 million active WordPress websites.

Explore Defiant

Notable Research Coverage

WordPress Users Urged to Delete Zero-Day-Ridden Plugin

Threatpost

Lindsey O'Donnell

January 28, 2019

Active XSS Attacks Targeting Amp for WP WordPress Plugin

Bleeping Computer

Lawrence Abrams

November 20, 2018

LOL: BabaYaga WordPress Malware Updates Your Site

Bleeping Computer

Catalin Cimpanu

June 7, 2018

New Tools Make Checking for Leaked Passwords a Lot Easier

Bleeping Computer

Catalin Cimpanu

March 2, 2018

WordPress captcha plugin on 300,000 sites had a sneaky backdoor

The Register

Richard Chirgwin

December 20, 2017

General Business Inquiries

Do you have a press inquiry or want to ask about partnerships, a feature or idea or other general business inquiries?

Let's Talk

Check Out The Latest From Our Blog

Podcast Episode 7: The Tyler Lau Interview, Assange, Thought Experiments, AirBnB Scams and More

April 17, 2019

Mark Maunder

 This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google’s Sensorvault and how it’s being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a …
Read More

Zero-Day Vulnerability in Yellow Pencil Visual Theme Customizer Exploited in the Wild

April 11, 2019

James

On Monday the WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday a security researcher made the irresponsible and dangerous decision to publish a blog post including a proof of concept (POC) detailing how …
Read More

Yuzo Related Posts Zero-Day Vulnerability Exploited in the Wild

April 10, 2019

Dan Moen

The Yuzo Related Posts plugin, which is installed on over 60,000 websites, was removed from the WordPress.org plugin directory on March 30, 2019 after an unpatched vulnerability was publicly, and irresponsibly, disclosed by a security researcher that same day. The vulnerability, which allows stored cross-site scripting (XSS), is now being exploited in the wild. These …
Read More

Podcast Episode 6: The Brandy Lawson Interview, The News and Facebook Rants

April 10, 2019

Mark Maunder

 This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy …
Read More

Podcast Episode 5: The Raquel Landefeld Interview & The Pipdig Story

April 02, 2019

Mark Maunder

This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community organizer for WordPress, co-founder of agency Mode Effect and a well known and loved personality in the WordPress community. Raquel …
Read More

Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses

April 02, 2019

Mikey Veenstra

In last week’s post, we reported on some concerning code identified in the Pipdig Power Pack (P3) plugin. The plugin, which is installed alongside WordPress themes sold by Pipdig, was found to contain a number of suspicious or malicious features. Among these features were a remote “killswitch” Pipdig could use to destroy sites, an obfuscated …
Read More

View More Blog Posts