WordPress.org

Remember to visit our support forums if you have questions or comments.

What does Wordfence Security do that other WordPress security plugins don't do?

• Wordfence security scans check all your files, comments and posts for URL's in Google's Safe Browsing list.
• All Wordfence security scans happen hourly instead of daily or even less frequently.
• Wordfence scans do not consume large amounts of your precious bandwidth because all scans happen on your web server which makes them very fast.
• Wordfence fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
• Wordfence checks the integrity of your WordPress core files, plugins and themes against the original files in the WordPress repository. We alert you to any changes which may be a security threat, let you see what has changed and you can even repair changed files.

Does Wordfence support Multi-Site installations?

Yes. WordPress MU or Multi-Site as it's called now is fully supported. Using Wordfence you can security scan every blog in your network with one click. If one of your customers posts a page or post with a known malware URL that threatens your whole domain with being blacklisted by Google, we will tell you within a maximum of one hour which is how often scans occur.

Will Wordfence slow my site down?

We have spent a lot of time making sure Wordfence runs very quickly and securely. Wordfence uses its own database tables and advanced mysql features to ensure it runs as fast as possible. The creators of Wordfence also run Feedjit, a large scale real-time analytics product and ad network and much of the technology and knowledge from our real-time analytics products is built into Wordfence.

How often is Wordfence updated?

The Wordfence security plugin is frequently updated and we update the code on our security scanning servers more frequently. Our cloud servers are continually updated with the latest known security threats and vulnerabilities so that we can blog any security threat as soon as it emerges in the wild.

What if I need support?

All our paid customers receive priority support. Excellent customer service is a key part of being a Wordfence member. You can also visit our support forums where we provide free support for all Wordfence users and answer any security releated questions you may have.

Can I disable certain security features of Wordfence?

Yes! Simply visit the Options page, click on advanced options and enable or disable the security features you want.

What if my site security has already been compromised by a hacker?

Wordfence is the only security plugin that is able to repair core files, themes and plugins on sites where security is already compromised. However, please note that site security can not be assured unless you do a full reinstall if your site has been hacked. We recommend you only use Wordfence to get your site into a running state in order to recover the data you need to do a full reinstall. A full reinstall is the only way to ensure site security once you have been hacked.

How will I be alerted that my site has a security problem?

Wordfence sends security alerts via email. Once you install Wordfence, you will configure a list of email addresses where security alerts will be sent. When you receive a security alert, make sure you deal with it promptly to ensure your site stays secure.

My WordPress site is behind a firewall. Doesn't that make it secure?

If your site is accessible from the web, it means that people you don't know can execute PHP code on your site. They have to be able to execute PHP code, like the core WordPress code, in order for your site to work. Most WordPress security threats allow a hacker to execute PHP code on your website. The challenge hackers face is how to get their malicious PHP code onto your site to compromise your security. There are many upload mechanisms that WordPress itself, themes and plugins offer and the vast majority of these are secure. However, every now and then a hacker discovers an upload mechanism that is not secure or a way of fooling your site into allowing an upload. That is usually when security is compromised. Even though your site is behind a commercial firewall, it still accepts web requests that include uploads and executes PHP code and as long as it does that, it may become face a security vulnerability at some point.

Will Wordfence protect me against the Timthumb security problem?

The timthumb security exploit occurred in 2011 and all good plugins and themes now use an updated version of timthumb (which the creator of Wordfence wrote and donated to the timthumb author) which closes the security hole that caused the problem. However we do scan for old version of timthumb for good measure to make sure they don't cause a security hole on your site.

People keep telling me that WordPress itself has security problems. Is that true?

In general, no it's not. The WordPress team work very hard to keep the awesome software they have produced secure and in the rare cases when a security hole is found, they fix it very quickly. Most responsible plugin authors also fix security holes as soon as they are told about them. That's why Wordfence will warn you if you're running an old version of WordPress, a plugin or a theme, because often these have been updated to fix a security hole.