Close-up of site cleaning status

Wordfence CLI is an open source, high performance, multi-process security scanner, written in Python, that quickly scans local and network filesystems to detect PHP malware and WordPress vulnerabilities. Wordfence CLI is open source under the GPL 3. CLI detects all known PHP malware - over 14 million malware variants. CLI also detects over 11,800 WordPress vulnerabilities, including the very newest vulnerabilities, using our open and continuously updated vulnerability database.

Full-featured vulnerability scanning is completely free in CLI. We have two malware data feeds for CLI - one which is free and detects common malware, and a commercial signature set which uses our full malware signature set and detects all known malware. We recommend the commercial set for hosting providers and other production environments.

Installation Instructions

  • Free vs Paid CLI Licenses

    CLI Free CLI Commercial
    High performance using multiple CPU cores High performance using multiple CPU cores
    Configurable resources usage Configurable resources usage
    Comprehensive WP Vulnerability Scanning Comprehensive WP Vulnerability Scanning
    Detects all known WordPress vulnerabilities Detects all known WordPress vulnerabilities
    Free malware signature set Commercial malware signature set
    Approximately 1,000 malware signatures Approximately 5,500 malware signatures
    Detects the most common malware variants Detects all known malware, 14 million variants
    No signup required, download and run API key enables commercial data feeds

    Wordfence CLI includes industry leading vulnerability scanning which is completely free in both our free and paid versions. The scanning uses our open vulnerability database which is continually updated by our team using our own research, and by triaging external research into the database as quickly as it is published.

    The free version of Wordfence CLI uses our Free Signature Set, which is also used by the free version of the Wordfence plugin. This is a smaller malware detection signature set that does a great job of detecting many malware variants. It does not include the newest malware detection capability, or the broader signature set that our commercial set includes.

    Our Commercial Signature Set is used by the paid version of the Wordfence Plugin along with the paid version of Wordfence CLI. Our commercial signature set includes the newest malware detection capability. We add approximately 30 to 70 new signatures every month. The Commercial Signature Set is our complete malware signature set. It is a significantly larger set of malware signatures than our free set, and also contains detection for the newest threats.

  • Access Wordfence's Commercial Signature Set

  • Scan up to
    100 Sites


    Buy Now

    Scan up to
    1,000 Sites


    Buy Now

    Scan up to
    10,000 Sites


    Buy Now

    Enterprise CLI

    Scan greater than
    10,000 Sites

    Contact us for pricing
  • Purchase a Wordfence CLI license for access to real-time malware signatures included in the complete Commercial Signature Set. Licensing is based on how many websites are being scanned and includes support from our Team.

    Enterprise CLI is designed for very large hosts with more than 10,000 customers. For example, if you are hosting several million WordPress sites and would like to conduct daily or even hourly high performance scans across your entire fleet, we’d love to chat with you. Please contact our team for a quote.

  • What is the difference between the Wordfence Plugin and Wordfence CLI?

    The Wordfence Plugin is an excellent overall security solution for WordPress and includes a firewall, two-factor authentication, brute force protection, and IP blocklist with many other features in addition to a malware scanner. Wordfence CLI provides more technical server administrators and operations teams with high performance malware and vulnerability scanning capability.

    CLI is parallelizable, meaning that it can take advantage of all your CPU cores when scanning, providing very high performance. CLI is also able to execute at a higher permissions level than your web server and website, giving it an additional layer of protection against compromise. CLI is also incredibly flexible and can be scheduled using cron and combined with other command line tools.

Installation Options

Install Wordfence CLI using one of the commands below depending on your operating system. Debian packages require the package downloaded prior to install. Simply install the package, run ‘wordfence configure’ for the first time to configure CLI, and then start scanning. If installing Wordfence CLI 1.1.0 or earlier, click here to request a free license key. Click here for additional installation help.

Python Package

Python 3 is required. Install commands below are dependent upon operating system.

pip install wordfence
pip3 install wordfence

Debian Package

Debian based linux operating systems Ubuntu, Debian, Mint, Kali


sudo apt install ./wordfence.deb

Alternative Installation Methods

CLI License Terms and Conditions

Wordfence CLI License Terms and Conditions

Register below to receive email notifications about updates to Wordfence CLI License Terms and Conditions.