Wordfence is the flagship product of Defiant Inc. Millions of WordPress site owners rely on Wordfence to protect their websites, their customer data and their investment. Install Wordfence today and lock down your WordPress site in minutes.

Defiant

Our Story

Wordfence is incorporated as Defiant, Inc., a Delaware company. We are a small team that is passionate about software engineering and delivering excellent customer service. Wordfence has been downloaded over 150 million times, and is consistently one of the top plugins for WordPress on WordPress.org. The Wordfence WordPress Security plugin protects over 3 million active WordPress websites.

Explore Defiant

Notable Research Coverage

Threatpost

Lindsey O'Donnell

February 13, 2020

The Register

Gareth Corfield

February 17, 2020

Bleeping Computer

Sergiu Gatlan

February 19, 2020

ZDNet

Catalin Cimpanu

February 19, 2020

WordPress Plugins Exploited in Ongoing Attack, Researchers Warn

Threatpost

Lindsey O'Donnell

August 23, 2019

WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign

Threatpost

Lindsey O'Donnell

July 23, 2019

Hackers Exploit Recent WordPress Plugin Bugs for Malvertising

Bleeping Computer

Sergiu Gatlan

July 22, 2019

Critical Bug in WordPress Plugin Lets Hackers Execute Code

Bleeping Computer

Sergiu Gatlan

July 15, 2019

General Business Inquiries

Do you have a press inquiry or want to ask about partnerships, a feature or idea or other general business inquiries?

Let's Talk

Check Out The Latest From Our Blog

Active Attack on Recently Patched Duplicator Plugin Vulnerability Affects Over 1 Million Sites

February 19, 2020

Mikey Veenstra

Description: Unauthenticated Arbitrary File Download Affected Plugin: Duplicator Affected Versions: <= 1.3.26 CVSS Score: 7.5 (High) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Patched Version: 1.3.28 A critical security update was recently issued for Duplicator, one of the most popular plugins in the WordPress ecosystem. Over a million WordPress sites were affected by a vulnerability allowing attackers to download …
Read More

Zero-Day Vulnerability in ThemeREX Addons Plugin Exploited in the Wild

February 18, 2020

Chloe Chamberland

Description: Remote Code Execution Affected Plugin: ThemeREX Addons Plugin Slug: trx_addons Affected Versions: Versions greater than 1.6.50 CVSS Score: 9.8 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Patched Version: Currently No Patch. Today, February 18th, our Threat Intelligence team was notified of a vulnerability present in ThemeREX Addons, a WordPress plugin installed on an estimated 44,000 sites. This …
Read More

Vulnerability in wpCentral Plugin Leads to Privilege Escalation

February 17, 2020

Chloe Chamberland

Description: Improper Access Control to Privilege Escalation Affected Plugin: wpCentral Affected Versions: <= 1.5.0 CVE ID: CVE-2020-9043 CVSS Score: 8.8 (High) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Patched Version: 1.5.1 On February 13th, our Threat Intelligence team discovered a vulnerability in wpCentral, a WordPress plugin installed on over 60,000 sites. The flaw allowed anybody to escalate their privileges …
Read More

Episode 65: WordCamp Asia Cancellation Prompts Community Support

February 14, 2020

Kathy Zant

WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that had planned to travel to this inaugural regional WordCamp. We also cover a number of …
Read More

Critical Vulnerability In Profile Builder Plugin Allowed Site Takeover

February 13, 2020

Mikey Veenstra

Description: Unauthenticated Administrator Registration Affected Plugin: Profile Builder (Free, Pro, and Hobbyist versions affected) Affected Versions: <= 3.1.0 CVSS Score: 10.0 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Patched Version: 3.1.1 Earlier this week, a critical vulnerability was patched in the Profile Builder plugin for WordPress. This vulnerability affected the free version available on the WordPress.org repository, as …
Read More

Wordcamp Asia Cancellation Fee Assistance Package from Wordfence

February 11, 2020

Mark Maunder

A few minutes ago it was announced that Wordcamp Asia has been cancelled due to the recent COVID-19 concerns in the region. This was a very tough call, but I believe the right one. To give you some context, I’m going to include an extract from the final part of the World Health Organization Director …
Read More

View More Blog Posts