Help Documentation

Welcome to the official documentation for Wordfence 7. For information about previous versions of Wordfence, visit our old documentation.

Wordfence Central

Wordfence Central provides a powerful and efficient way to manage the security of many WordPress sites via a single interface.

Connecting your sites to Wordfence Central

Learn how to connect multiple sites to Wordfence Central.

Setting up two-factor authentication

Enabling two-factor authentication, or 2FA, is one of the most important steps you can take to prevent account compromise.

Using the Dashboard page

See a quick overview of all your sites managed in Wordfence Central.

Using the Configuration page

Manage your Wordfence plugin options for all of your sites.

Using Wordfence plugin options Templates

Create templates of Wordfence plugin options to be used on any of your sites.

Using the Settings page

The Settings page allows you to configure alert settings for sites connected to Central, and allows you to receive alerts via Email, SMS, or Slack.

Using Wordfence Central Teams

Teams are a Wordfence Central feature that lets multiple users collaborate and manage websites under a single account.

Viewing scan Findings

See an overview of last scan date and any scan issues found for all of your sites. You can also launch scans for your sites from here.


The Wordfence Dashboard provides insight into the current state of your site’s security.

Global Options

These allow you to update your Wordfence License, set your Alert Preferences and Import/Export Wordfence settings.


Email alerts quickly inform you of security related events on your site.

Wordfence Web Application Firewall (WAF)

The Wordfence Web Application Firewall is a PHP based, application level firewall that filters out malicious requests to your site.

Optimizing The Firewall

The Wordfence Firewall has a feature that allows the Firewall to be loaded before any other code loads. This provides the highest level of protection and we refer to this as "extended protection". In order to get extended protection, you have to go through a short configuration procedure.

Firewall Learning Mode

Learning Mode allows the Web Application Firewall to be adjusted to your site.


The Wordfence plugin saves information about recent attacks on your site. You can view this data on your Wordfence "Dashboard" and the Wordfence "Firewall" page.

Firewall Options

Change Firewall Mode (Enabled/Learning Mode/Disabled), Optimize the Firewall and configure advanced options.

MySQLi storage engine

In Wordfence 7.4.0, an alternate storage engine has been added to the Web Application Firewall, so that sites can store firewall data in the MySQL database instead of using files in "wp-content/wflogs/".

Brute Force Protection

Brute Force Protection limits login attempts on your site.

Rate Limiting

Wordfence includes a rate limiting firewall that controls how your site content can be accessed.


How to resolve issues with the Wordfence Web Application Firewall.


Aside from the Firewall rules that protect against SQL-injection, XSS and more, Wordfence also has custom features for additional blocking.

Country Blocking

Country Blocking allows you to block access to your site from certain countries.

Blocking Troubleshooting

What to do if you locked yourself out or are experiencing unwanted blocks.


A Wordfence scan examines all files on your WordPress website looking for malicious code, backdoors, shells that hackers have installed, known malicious URLs and known patterns of infections.

Scan Options

Select which aspects of your site the scan should investigate, adjust scan performance and configure advanced options.

Scan Results

How to interpret results from the Wordfence Scan.

Scan Scheduling

The Wordfence Scan runs regularly on your site. Premium customers can adjust how often the scan runs.

Scan Troubleshooting

If you are having problems getting your scans to start or complete, please see these instructions for some basic debugging steps.


Wordfence Tools include Two Factor Authentication, Whois Lookup, Password Audit, Live Traffic and Diagnostics.


Wordfence provides import/export functions options. Use this feature to copy options to other sites or to backup your settings when reinstalling Wordfence.

Password Auditing

This feature was removed in Wordfence 7.1.0.

Whois Lookup

The Whois Lookup Service gives you a way to look up who the owner of an Internet resource is.


Find out your PHP Version, database permissions, connectivity tests and much more in Wordfence Diagnostics.

Real-Time Live Traffic

Wordfence Live Traffic shows you what is happening on your site in real-time.

Two-Factor Authentication

Two-factor authentication allows you to add an extra layer of security to your WordPress login. This section describes how to use it.

Legacy Two-Factor Authentication

Two Factor Authentication allows you to add an extra layer of security to your WordPress login. This section describes how to use it.

Login Security Options

The Login Security page currently contains settings for two-factor authentication (2FA) and reCAPTCHA. In a future Wordfence version, existing login-related features will also move to the same page.

Advanced information and configuration

If you want to know more about the technical details of Wordfence, you'll find the answers in this section.

System requirements

Wordfence works on most WordPress websites. However, to make sure it works on your site you can check that it meets our minimum system requirements.


Historical information about previous Wordfence Releases.

Remove or Reset

If you need to reset or remove Wordfence from your site you can find help with that in this section.

Technical Details

Details about technical aspects of how Wordfence works.


Wordfence has many options that can be set within the WordPress admin pages, but there are some additional options that are not often needed.

Wordfence API

Additional functions for developers to import settings or whitelist IP-addresses.


How do I inspect the browser console or take a screenshot? Information about debugging issues with your site can be found here.

Plugin / Theme Conflicts

This is a list of plugins and themes that are currently known to us that can or do conflict with the Wordfence plugin.

Wordfence Premium

Wordfence Premium comes with an IP Blocklist, Real Time Protection and much more.


How to navigate and use your Wordfence account.


Wordfence Premium is sold as an annual license that is set to auto-renew by default. Discounts are available for volume purchases.

License Key

All Wordfence installations need a License key, also known as an API-key. The key can be a free key or a premium key.

Wordfence and GDPR - General Data Protection Regulation

Defiant, the company behind Wordfence, has updated its terms of use, privacy policies and software, as well as made available a data processing agreement to meet GDPR compliance. Customers must review and agree to updated terms in order to continue using our products and services. We also provide a data processing agreement if you qualify as a data controller under the GDPR.

Sub-Processors List

Sub-Processors for Wordfence products and services

Site Cleaning and Security Audits

Let one of our Security Analysts help you clean your infected site or inspect it for vulnerabilities.

Login Security Plugin

The Wordfence Login Security plugin contains a subset of the features found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA. It is ideal for sites that need login security functionality but either can’t or don’t want to run the full Wordfence plugin.