Wordfence and GDPR – General Data Protection Regulation

Defiant, the company behind Wordfence, has updated its terms of use, privacy policies and software, as well as made available standard contractual clauses to meet GDPR compliance. Customers must review and agree to updated terms in order to continue using our products and services.

Defiant, the company behind Wordfence, has updated its terms of use, privacy policies, and software, as well as made available standard contractual clauses to meet GDPR compliance. Customers must review and agree to updated terms in order to continue using our products and services.

The General Data Protection Regulation (GDPR) is a set of rules that provide data subjects with more control over their personal data. GDPR defines a data subject as anyone within the borders of the EU at the time of processing their personal data. It includes regulations on how EU data can be exported outside of the EU. It is changing the way organizations approach data privacy and the handling of personal information.

Agreement to new Terms and Privacy Policies

To continue using Defiant products and services including the Wordfence plugin, all customers must review and agree to the updated terms and privacy policies. These changes reflect our commitment to follow data protection best practices and regulations.

Standard Contractual Clauses

Defiant provides Standard Contractual Clauses to help customers meet their data privacy and protection obligations that are part of the General Data Protection Regulation (GDPR). Standard Contractual Clauses establish the respective responsibilities between the Defiant customer (as the data controller) and Defiant itself (as the data processor). This is available to all Defiant customers that are processing personal data and operate in the European Economic Area (EEA) or are otherwise subject to the territorial scope of the GDPR. To learn more about privacy and data protection rules of the EEA, click here.

Cookies

Defiant provides a Cookie Policy that explains how we use Cookies to collect information about the way you use our Sites and Services, and how you can control them. Please see Defiant’s Privacy Policy which includes the Cookie Policy.

Cookies set by the Wordfence plugin

To help you understand which cookies the Wordfence plugin sets when installed on your WordPress site, we have provided the guide below. Wordfence currently sets four cookies and we explain what each cookie does, who will have the cookie set, and why the cookie helps secure your site.

wfwaf-authcookie-(hash)

What it does: This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.

Who gets this cookie: This is only set for users that are able to log in to WordPress.

How this cookie helps: This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.

wf_loginalerted_(hash)

What it does: This cookie is used to notify the Wordfence admin when an administrator logs in from a new device.

Who gets this cookie: This is only set for users who log in, and only if the site administrator has enabled the option “Only alert me when that administrator signs in from a new device”, or the similar option for non-administrator users.

How this cookie helps: This cookie helps site owners know whether there has been a user login from a new device.

wfCBLBypass

What it does: Wordfence offers a feature for a site visitor to bypass the country blocking feature by accessing a hidden URL. This cookie helps track who should be allowed to bypass the country blocking feature.

Who gets this cookie: When a hidden URL defined by the site administrator is visited, this cookie is set to verify the user can access the site from a country restricted by the country blocking feature. This will be set for anyone who knows and visits the hidden URL. This cookie is not set for anyone who does not know the hidden URL to bypass country blocking.

How this cookie helps: This cookie gives site owners a way to allow certain users from blocked countries to visit your site, even though the country they are located in has been blocked.

wfls-remembered-(hash)

What it does: For users who use 2FA when logging in, this cookie allows them to log in with the same browser without requiring 2FA each time, for up to 30 days.

Who gets this cookie: This cookie is only set for users who enable the “Remember for 30 days” checkbox while logging in. This option is also only available if the admin has enabled “Allow remembering device for 30 days”.

How this cookie helps: This is a convenience feature. It allows users to log in without the extra step of 2FA after having successfully logged in from the same browser with 2FA.