Wordfence is the flagship product of Defiant Inc. Millions of WordPress site owners rely on Wordfence to protect their websites, their customer data and their investment. Install Wordfence today and lock down your WordPress site in minutes.

Defiant

Our Story

Wordfence is incorporated as Defiant, Inc., a Delaware company. We are a small team that is passionate about software engineering and delivering excellent customer service. Wordfence has been downloaded over 90 million times, and is consistently one of the top plugins for WordPress on WordPress.org. The Wordfence WordPress Security plugin protects over 2 million active WordPress websites.

Explore Defiant

Notable Research Coverage

WordPress captcha plugin on 300,000 sites had a sneaky backdoor

The Register

Richard Chirgwin

December 20, 2017

Rogue WordPress Plugin Allowed Spam Injection

Threatpost

Tom Spring

September 15, 2017

Recent WordPress vulnerability used to deface 1.5 million pages

Network World

Lucian Constantin

February 10, 2017

Three More WordPress Plugins Found Hiding a Backdoor

Bleeping Computer

Catalin Cimpanu

December 28, 2017

New Tools Make Checking for Leaked Passwords a Lot Easier

Bleeping Computer

Catalin Cimpanu

March 2, 2018

General Business Inquiries

Do you have a press inquiry or want to ask about partnerships, a feature or idea or other general business inquiries?

Let's Talk

Check Out The Latest From Our Blog

How We Think About WordPress Security and Research

December 10, 2018

Mark Maunder

This weekend I had a really fun conversation with Doc Pop from Torque Magazine. Torque is a great news source for WordPress news. They are part of WP Engine, but maintain editorial independence. I chatted with Doc in Nashville, in the Music City Center where WordCamp US was being held. Music City Center is an …
Read More

Botnet of Infected WordPress Sites Attacking WordPress Sites

December 05, 2018

Mikey Veenstra

The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites. This campaign has created a botnet of infected WordPress websites to perform its attacks, which attempt XML-RPC authentication to other WordPress sites in order to access privileged accounts. Between Wordfence’s brute force protection and the premium real-time …
Read More

WordPress 5.0: How and When to Update

December 05, 2018

Mark Maunder

WordPress 5.0 is being released tomorrow, December 6th. This release contains a major change to the WordPress editor. The new editor, code-named Gutenberg, is a substantial leap forward in functionality. It uses a new block-based system for editing which allows you to embed a wide range of content in your posts and pages, and gives …
Read More

XSS Injection Campaign Exploits WordPress AMP Plugin

November 20, 2018

Mikey Veenstra

News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site. The …
Read More

Trends Emerging Following Vulnerability In WP GDPR Compliance Plugin

November 09, 2018

Mikey Veenstra

Earlier this week the WP GDPR Compliance plugin was briefly removed from the WordPress.org repository after the discovery of critical security issues impacting its users. In yesterday’s post, we provided some details regarding these issues and illustrated their severity. In the hours since that post was published, our team has continued tracking the adversaries seeking …
Read More

Privilege Escalation Flaw In WP GDPR Compliance Plugin Exploited In The Wild

November 08, 2018

Mikey Veenstra

After its removal from the WordPress plugin repository yesterday, the popular plugin WP GDPR Compliance released version 1.4.3, an update which patched multiple critical vulnerabilities. At the time of this writing, the plugin has been reinstated in the WordPress repository and has over 100,000 active installs. The reported vulnerabilities allow unauthenticated attackers to achieve privilege escalation, …
Read More

View More Blog Posts