Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

The Benefits of Wordfence Premium

This entry was posted in Wordfence, WordPress Security on August 29, 2017 by Mark Maunder   11 Replies

On April 21 this year, Wordfence celebrated our fifth year making the world’s best firewall and malware scan for WordPress. The date came and went as we continued to focus on innovating and securing our customers. Today Wordfence has been downloaded over 45 million times and maintains a 4.8 star rating out of 5 stars, from over 3000 reviews on the official WordPress plugin repository.

Today Wordfence is a team of 16 full-time employees, and our total team size is 30 people, including contractors. Most of our team is US-based, though we have several colleagues around the world in countries like Sweden and the UK.

Wordfence has become a big project and is now very popular. We protect over 2 million websites, including many of the best known businesses and universities in the world.

Most of our team’s energy is dedicated to our Premium customers. Our customer service team provides an extremely high level of support for those customers, and our engineering innovation is focused on improving the real-time protection we provide to Premium.

The community edition of Wordfence is free, and is actually the same software that our Premium customers run. The difference between free and Premium is the data we provide that powers Wordfence and the service you receive from our team.

Better Data Means Better Protection

Firewall Rules and Malware Signatures in Real Time for Premium

Wordfence at its core is a firewall and a malware scanner. But without data, a firewall does not know what to block, and a malware scan does not know what to detect.

Our team is constantly doing research to uncover the newest threats to WordPress. We discover new threats through investigating hacked WordPress sites, by logging attacks across WordPress sites and analyzing them, and through online research and collaboration with our partners.

When we find a new kind of attack, we turn that into a firewall rule and release it immediately to our Premium customers. When we discover a new kind of malware, we turn that into a detection signature and release it to our Premium customers.

This flow of firewall rules and malware signatures happens in real time for our Premium customers, and it is continuous. In contrast, our free customers receive this data with a 30-day delay.

The (Legendary) Wordfence Premium IP Blacklist

Last week we published research that shows that well over 50% of all the attacks we block are blocked by the Premium Wordfence IP Blacklist.

This is what that looks like represented graphically. Each color represents a unique Wordfence firewall rule and how many attacks it blocks per day. The blue represents everything that the Premium IP blacklist blocks.

The first time I saw the above data, I was pleasantly surprised. Our team has gotten so good at identifying bad IPs and blacklisting them for our Premium customers that we now block more attacks with the blacklist than we do with firewall rules.

Our IP blacklist is only available to Wordfence Premium customers and is extremely effective at blocking attacks. An additional benefit of the IP blacklist is that it completely blocks known attackers from your site. They can’t even do an initial scan to see your content, what version of WordPress you are running or to probe for other weaknesses.

Priority Server Processing For Premium Customers

Wordfence is not just a PHP plugin for WordPress. It comes with back-end services provided by applications that we run on our own physical servers, which are located at multiple data centers. Wordfence Premium customers receive priority processing on our back-end services. We provide a higher degree of reliability for Premium customers on our servers, and we prioritize Premium processing higher than our free customers.

The Wordfence team constantly releases new versions of the Wordfence plugin, and alongside those releases, they are also releasing new versions of our server code.

The main reason we provide server-based applications to help Wordfence is to offload much of the processing from your website onto our own machines. For example, we maintain a mirror of every version of every plugin, theme and core file for WordPress ever released. That is well over half a terabyte of data!

We also maintain our IP blacklists, URL and hostname blacklists and other data to help identify malicious behavior.

When you perform a scan, our databases do most of the work to determine if a file on your system is malicious. If that happened on your own hosting account, it would take a long time and would consume a large amount of disk space.

To run Wordfence without our back-end services, you would need over a terabyte of disk space, fast multi-core CPUs, at least 32 Gigabytes of memory and a fast 1-gigabit connection to the network. Most hosting accounts have about 1% of that network speed, and with far less memory, disk and CPU resources.

Exceptional Customer Service

Today I was again reminded of one of the most powerful things that our CS (customer service) team do for our customers: they represent you when having conversations with the engineering team. Later this week, we will be announcing a major improvement in Wordfence. When the engineering team unveiled it today, the CS team were all cheering, because they care deeply about you and making sure your problems are solved and that you are protected.

As a Premium Wordfence customer, you get access to our priority ticketing system. Our team works closely with you to secure your WordPress site.

The CS team works one-on-one with our customers to solve problems and help you get the best protection from Wordfence for your site. They respond within 24 hours during the week and are very passionate about securing WordPress and securing your website.

Most of our Wordfence CS team is US-based, and they are all WordPress and Wordfence experts. When you chat with Chloe, Tim, Andie or Asa, they are based in California, Tennessee, Florida and Sweden, respectively – to mention just a few of our amazing team members.

Free and Premium – We Are Glad to Have You on Board

Whether you use the free community edition of Wordfence to protect your site or you are one of our valued Premium customers, we are glad to have you as part of the Wordfence family of customers.

Our team cares deeply about securing your site, and we want you to have the best protection possible. That is why we encourage all our free community users to upgrade to Wordfence Premium. Our current pricing is $99 per year, which works out to just $8.25 per month. It’s an incredible deal.

Upgrade to Wordfence Premium, today, and get the best protection available for your WordPress website.

Mark Maunder – Wordfence Founder & CEO

Did you enjoy this post? Share it!


4.55 (11 votes) Your rating:

11 Comments on "The Benefits of Wordfence Premium"

Steve August 29, 2017 at 9:45 am • Reply

The reason I've never bought into the Premium edition, attractive although the benefits are, is that it has never made clear in the communications about it whether the $99 per year is for one website, or all the websites one has installed WF on. Many of my sites are small 'hobby' sites and it would be uneconomic to pay for the Premium edition for them all, despite that they all need protection.

Mark Maunder August 29, 2017 at 12:23 pm • Reply

Hi Steve,

Thanks, the team has been made aware of this and we will make it clear in our docs and on the site.

The $99 per year is for a single WordPress website. This could be regular WordPress or a multi-site installation. When I say multi-site, to be clear, that means a single WP install that is using the multi-site configuration that lets you host many sites in subdirectories or subdomains.

Hope that helps.

Mark.

Sam August 29, 2017 at 10:52 pm • Reply

Hi Mark,

Thanks for such a great product and for answering Steve's question. We too were wandering about that. It's good to know that we can purchase one license for a multisite. I assume this is true even if we use mapped domains (each site on the network has its own domain name).

But we are also wandering about a reseller / developer license. We would very much like to see an unlimited site plan where we could develop a site and then add premium to our hosting / maintenance plans. This way we wouldn't even need to consult with our clients on the issue of security and simply add it as default to every site we develop.

Finally an option to add a trust seal / badge like you do with GravityScan something like "Protected by WordFence Premium" would be nice.

Any ideas if this is something you might consider in the not so distant future?

Many thanks,
Sam

Mark Maunder August 30, 2017 at 10:26 am • Reply

Thanks Sam. I just want to mention, we offer huge discounts for bulk purchases. So if you have 20 sites, it'll only cost you $30.49 per site per year.

This is kind-of like a developer or reseller license in that it is significantly cheaper.

We will consider the badge idea. Thank you.

Mark.

Sam Winter August 30, 2017 at 9:38 am • Reply

Thank you for clarifying on that point. I had the same exact question.

Geoff Jones August 30, 2017 at 4:48 am • Reply

I'm similar to the above Steve. I run 27 charity/hobby Wordpress sites all hosted on one account at Webfaction so $99*27 is prohibitive for me.
Would be good to have an intermediate pricing schedule for such low usage websites. Especially given when the sites were last hacked before I used Wordfence & InfiniteWP. A UNIX guru friend of mine cleaned them all up simultaneously by using the command line.

Mark Maunder August 30, 2017 at 10:24 am • Reply

Hi Geoff,

I think this is a common misunderstanding. It would cost you $28.59 per site per year. We offer massive discounts for bulk purchases. Please visit our pricing page here:

https://www.wordfence.com/wordfence-signup/

Regards,

Mark.

brian hitchcock August 31, 2017 at 9:40 pm • Reply

It would help me if it was clear, when I login, that I have premium. I may not be your most sophisticated user, but when I login, I have to read the text to remember that if I have an API key, I have premium. When I go to the manage keys page, I don't find the word 'premium' anywhere.
thanks
brh

Mark Maunder September 4, 2017 at 8:03 pm • Reply

Thanks Brian. Watch this space. Changes coming soon that I think you'll love.

Mark.

gferrell September 1, 2017 at 11:17 am • Reply

My #1 client uses Wordfence premium on 2 websites. We're very happy with the configurability and the results.

Within the last couple of weeks, we moved to a GoDaddy VPS -- with a contract apparently including a CDN and likely a WAF. I was asked to do some tracking of certain types of tool use & discovered that the IP addresses coming in are Incapsula-owned (who I just discovered is partnered with GoDaddy - probably white-labeled through SiteLock), so we need to grab the actual IP from the incapsula http header or the x-forwarded-for.

Does this kind of situation cause any problem for WordFence IP screening, or are you just doing the same type of thing?

Mark Maunder September 4, 2017 at 8:03 pm • Reply

Wordfence is designed specifically to work with several proxies. Check out the Wordfence options page and the option to configure how Wordfence gets an IP address. Choose the x-forwarded-for option.

Mark.

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.