Advanced information and configuration

If you want to know more about the technical details of Wordfence, you will find the answers in this section.

Automatic Update

Wordfence has its own “Automatic Update” function. If you enable this, new versions of Wordfence will automatically be installed on your site.

If your site is hosted on a LiteSpeed web server, please read the help page about configuring LiteSpeed to ensure that the automatic updates of your Wordfence plugin complete without any problems.

In very rare cases, allowing Wordfence to update automatically can be problematic because the update may fail and you won’t know about it until you login to your site and see that Wordfence is missing from the list of plugins for example. This can also happen to other plugins that have a feature to update automatically and not just Wordfence. Often site owners will try to install Wordfence again and be presented with a common error message containing, ‘Destination folder already exists’.

An automatic update of Wordfence is usually related to a problem on the hosting server. The update process involves removing old files, extracting the new plugin and then copying over the new files to the plugin location. On some hosting servers that process can exceed the PHP max_execution_time or even the gateway timeout. It is usually during the last part of the transfer when the new files are copied over that issues can occur.

To resolve this you can manually delete the Wordfence plugin directory in the plugins directory below:

~/wp-content/plugins/wordfence

All of your plugin settings will remain intact as they are stored in the database.

You can then reinstall the plugin again on the WordPress Plugins page.

Wordfence Cloud Servers

  • Maintain a pristine copy of every version of WordPress ever released and information about each file, that allows us to very quickly compare your files with the originals.
  • Maintain a pristine copy of every version of every plugin and theme ever released into the WordPress theme and plugin repositories. We also maintain a massive database with information about every file, to rapidly verify your files against the originals.
  • Have a list of known malware files that your installation of Wordfence uses to check if any of your files are known malware variants.
  • Keep a cached copy of Google’s Safe Browsing list that is updated in real-time and used for your scans.
  • Contain data about known vulnerabilities that is sent to your Wordfence plugin during scans.
  • Keep a list of known dangerous IPs that is shared among Wordfence sites.
  • Perform various other functions that assist with scanning your site and keeping it secure.

Servers and IP Addresses

Wordfence infrastructure is hosted completely in the cloud. We are spread across multiple availability zones to reduce the likelihood of service outages.

Wordfence Central and plugin services use the IP addresses below to connect to sites that use the Wordfence plugin. These IP addresses are identified as outbound.wordfence.com. If you use Cloudflare with “bot protection” or other strict rules, or if you have other other types of blocking of inbound traffic aside from the Wordfence plugin, you may need to add these addresses to your allowlist:

44.235.211.232
54.68.32.247
54.71.203.174


If necessary, instructions for allowlisting on Cloudflare are available here.

Plugin services are hosted on the addresses below. In rare cases, if your server limits connections from your site to the internet, these are the IP addresses that you would need to add to your allowlist:

35.83.41.128
52.25.185.95
54.148.171.133


Note: Cloudflare users generally do not need to allow these IP addresses.

Wordfence servers previously used these addresses, which can be removed if you had allowlisted them in the past:

44.239.130.172
44.238.191.15
35.155.126.231