Wordfence Free is an all-in-one security solution for WordPress websites that includes an endpoint firewall, security scanner, login security, alerts, centralized management, and more.
Wordfence free comes with our Web Application firewall that identifies and blocks malicious traffic. In addition to protecting against commonly exploited vulnerabilities, we also block attacks against vulnerabilities specific to WordPress plugins, attempts to upload malicious files, and brute-force login attempts. We protect your site at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives our firewall does not break encryption, cannot be bypassed and cannot leak data. Wordfence free users receive firewall rules to protect against new vulnerabilities 30 days after they are released to our Premium customers.
The security scanner included with Wordfence free alerts you when your site is running vulnerable or outdated plugins, themes, or core files. Additionally, our scanner compares your core files, themes and plugins with known clean versions in the WordPress.org repository, checking their integrity and allowing you to repair files that have changed by reverting them to a pristine, original version. The Wordfence scanner also scans file contents for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections, and allows you to delete malicious files. Wordfence free users receive signatures to detect new malware 30 days after they are released to our premium customers.
Wordfence free includes numerous login security features, including Two-factor authentication (2FA), one of the most secure forms of authentication available, as well as a login Page CAPTCHA to stop bots from logging in. Wordfence also lets you disable or restrict XML-RPC so that it requires 2FA, and allows you to block logins for users with known compromised passwords.
Wordfence free is fully compatible with Wordfence Central, which allows you to manage and monitor the security of multiple sites for free.
Wordfence free logs attacks against your site so that you can review them in Live Traffic, and allows you to block attacks by IP address, IP Range, Hostname, User Agent, or Referrer.