This site uses cookies in accordance with our Privacy Policy.
Continuously updated Threat Intelligence data feeds focused on attacks targeting web accessible services, distilled from requests targeting 12,000 ASNs across 4 million endpoints.
Wordfence provides an endpoint security suite to over 4 million unique websites across 12,000 unique networks globally. We have customers in almost every country. This gives us unique visibility into who is attacking web services, how they're doing it, and what fingerprints they leave behind. We feed this threat intelligence back to our customer websites to keep them secure.
Wordfence Intelligence Enterprise is a product that provides API access to the same unique threat intelligence used to protect 4 million websites using Wordfence. It includes real-time attacking IPv4 and IPv6 addresses, 30 days of history, malware signatures, and malware hashes that hosting providers and network defenders can leverage for optimal security in their network. This can be used alongside Wordfence Intelligence which is a free to access platform and set of WordPress vulnerability data feeds.
With Wordfence Intelligence you get free access to our vulnerability data feeds, updated regularly as new vulnerabilities are disclosed. These feeds are available to query and download via an API endpoint. You can find the complete documentation here.
Includes over 9,000 WordPress-related software vulnerabilities and is continuously updated in real-time as new vulnerabilities in WordPress software such as plugins and themes are discovered and disclosed.
With Wordfence Intelligence Enterprise you get access to the vulnerability data feeds, along with 3 additional exclusive threat data feeds detailed below. These feeds are updated regularly as new threats emerge and are available to query and download via API endpoints. You can find the complete documentation here.
This feed consists of an actively maintained list of IP Addresses targeting vulnerabilities and weak passwords over port 443 and 80, along with metadata and attack data originating from those IPs. The includes activity targeting WordPress and other major vulnerabilities like Log4j, ProxyNotShell, and Fortinet Appliance Auth Bypass to name a few, in addition to IP Addresses engaged in password attacks. This feed is updated every 60 minutes.
View our Threat Research using our own Threat Intelligence here.
The feed contains of over 6,000 YARA signatures aimed at detecting the most current malware targeting web applications. This feed is updated in real time as we develop new signatures to detect the latest malware.
Consisting of over 3 million unique hashes based on malicious samples we have observed, this comes in four ingestible hash formats: MD5, SHA-1, SHA-256, and SHA-256 normalized, along with unique metadata on each sample hash. This feed is updated every 15 minutes as new malicious samples are discovered.
Whether you're a cloud provider, hosting provider, or defending any segment of the global Internet or your own network, contact us to learn how you can better protect your customers, and help make the online community safer by using Wordfence Intelligence Enterprise.
Wordfence protects more than 4 million unique websites across the globe on over 12,000 unique ASNs in 190+ countries. This gives us incredibly broad and deep global visibility on attacks targeting web applications on port 80 and port 443. The attacks we monitor extend beyond WordPress exploits into other web-based administration applications and attacks targeting different web services and web applications, such as log4j. The situational awareness we provide to our Wordfence Intelligence Enterprise customers is geographically broad and diverse as we monitor and block attacks using a wide range of exploits with detection for over 6,000 web-specific malware variants targeting websites all over the world.
The data feeds that Wordfence Intelligence Enterprise provides give our customers the ability to block attacks at the edge of their network using network infrastructure. This means the first SYN packet of a three-way TCP handshake gets dropped on the floor, rather than incurring the cost of network transit and application layer execution. This massively reduces the number of attacks that endpoint customers see, improving their customer's experiences and reducing network and server load for a hosting provider. Wordfence Intelligence Enterprise enables you to block threat actors targeting web applications the way it should be done.
Wordfence Intelligence Enterprise provides a large set of malware signatures in a standardized format alongside a large set of malware hashes in four different hash formats. This allows hosting providers to perform massively parallelized scans across their entire fleet of servers in the most performant way possible. Wordfence provides the most comprehensive set of PHP specific malware signatures available today, in addition to a massive database of known malicious file sample malware hashes. This allows you to detect infected customer websites early, alert your customers, clean your network, and enables a positive interaction with affected customers.
Many hosting providers cannot see attacks targeting their own customers because the data transiting their network is encrypted from browser to customer-managed server. When a host does have access to server logs, the POST body of requests is not available for analysis. Network owners cannot see which servers on their own network are compromised and which are launching attacks targeting the online community because the attacks transiting the owner network are TLS encrypted.
Wordfence Intelligence includes a comprehensive and extremely current vulnerability database for WordPress that contains over 9,000 unique vulnerability records. This database is actively maintained by some of the top WordPress vulnerability researchers in the industry. For hosting providers that are hosting WordPress websites for their customers, this product includes enough data to perform massively parallelizable scans on your server fleet for WordPress vulnerabilities, alert customers or your SOC with information that specifically identifies that vulnerability, and includes the data needed to mitigate the issue.
Many cloud hosting providers and security operations teams do not have access to the operating system of servers they are responsible for securing. Wordfence defends over 4 million websites globally. We have excellent visibility on which servers are infected for a hosting provider, cloud provider, or geographic area, which helps indicate when these servers may be launching attacks against other web services. If you are a network defender responsible for securing a large network, we can help you identify which hosts on your network are compromised and need to be mitigated. Securing these infected hosts helps reduce attacks across the global Internet and helps keep the online community safer.
Wordfence Intelligence Enterprise is available to our enterprise customers under two licensing agreements. The first is an annual flat fee that is determined based on the specific use case of the customer. This model is well-suited to security operations teams that want to identify compromised hosts, block attacks on their own network, mitigate WordPress vulnerabilities in a timely fashion, or perform forensic analysis using our data.
The second model is tailored to hosting providers that incorporate data from Wordfence Intelligence Enterprise into a product for their customers. This model has a low flat-fee per end-user and includes the use of the Wordfence Intelligence Enterprise brand and logo. Both license agreements include consulting from our team to help you get up and running, fast!
Contact us today to discuss the best licensing option for your organization.